CN103853980A - Safety prompting method and device - Google Patents

Safety prompting method and device

Info

Publication number
CN103853980A
Authority
CN
China
Prior art keywords
file
virus
carried out
user
current operation
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410073921.0A
Other languages
Chinese (zh)
Inventor
谭昱
许天胜
姚辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Juntian Electronic Technology Co Ltd
Original Assignee
Zhuhai Juntian Electronic Technology Co Ltd
Application filed by Zhuhai Juntian Electronic Technology Co Ltd
Priority to CN201410073921.0A
Publication of CN103853980A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a safety prompting method and device. The safety prompting method comprises the steps of receiving a file, and detecting virus of the received file; further detecting the current operating environment if the file does not belong to a virus sample library and a non-virus sample library; executing the safety prompting if the current operating environment satisfies a preset condition. According to the embodiment of the invention, the virus detection is carried out for the received file, the current operating environment is detected under the situation that the file does not belong to the virus sample library and the non-virus sample library, and the safety prompting is executed when the current operating environment satisfies the preset condition, so that the accuracy for detecting the file and the reliability in prompting can be greatly improved.

Description

Safety prompting method and device
Technical field
The present invention relates to the field of network security technology, and in particular to a safety prompting method and device.
Background
With the development of information technology, the computer has become an important part of people's life, work and entertainment, and computer networks have become a major means of human communication. While computer technology brings convenience, computer network security problems have also emerged, and one important aspect of these is the appearance of network viruses.
At present, there are more and more kinds of network viruses, and their propagation methods are constantly being updated and changed. Analysis of how viruses propagate reveals the following channels:
1. Deceptive downloads, which are by far the dominant propagation method. Viruses spread through software download sites, e-book download sites and novel download sites, or a user who clicks an advertisement by mistake may download a program bundled with a virus. The most direct carriers of this propagation method are browsers and download tools of all kinds.
2. Propagation through instant-messaging chat tools such as QQ, MSN, Wang Wang and YY. Many Trojan programs propagate point-to-point through QQ and Wang Wang.
3. Propagation through USB flash drives; this often occurs in schools, print shops and digital photo-finishing shops.
4. Propagation through a local area network (LAN), for example through shares, intranet downloads, or worm-type attack propagation.
When antivirus software is used to find and remove viruses, more and more viruses can bypass the defences of traditional antivirus software, for example by packing and obfuscation to evade detection, or by loading through vulnerabilities in normal software. Once a suspicious program has run successfully, antivirus software is helpless however strong its defensive capability.
The "border defence" antivirus technology proposed to overcome these shortcomings differs most from traditional antivirus technology in that it emphasizes that "not getting infected is the best security solution". By monitoring external programs entering the computer, border defence can judge whether a program is safe or dangerous before a virus has been run, thereby maximizing the protection of the local computer.
The workflow of border defence is as follows. A file enters the PC by download, transfer, copy-and-paste, plug-in installation or similar means, and its entry into the computer triggers border defence. Border defence judges whether the file is a white file: a white file is allowed through the border; a black file is directly prohibited from running; an unknown file is uploaded to the cloud for cloud identification. In cloud identification, powerful active defence, high-heuristic scanning and multiple identification engines scan the file; if they cannot reach a verdict, the file is passed to manual analysis, and the identification result finally returned is either to pass the border or to prohibit running. If border defence is fooled by a virus posing as normal software, but the file is found to exhibit virus behaviour while running on the system, system defence is started, i.e. the virus is killed and the system is repaired.
In the related art, when a user receives a file sent by another user through an instant messaging (IM) tool, the antivirus software judges the file attribute of the sample: if it is a black file, a pop-up bubble tells the user it is a virus; if it is a white file, grey file or unknown file, it is allowed through the border.
It can thus be seen that, although the border defence technology described above can detect and prompt for some unknown and suspicious files, its detection dimension is single; moreover, a hacker can induce the user to distrust the antivirus software's prompt, so that the user runs the file and is infected. In addition, some antivirus software is not very effective and lets grey files or unknown files through.
Summary of the invention
The present invention aims to solve the above technical problems at least to some extent.
To this end, embodiments of the present invention propose a safety prompting method, device and mobile terminal, which greatly improve the accuracy of file detection.
An embodiment of the first aspect of the present invention proposes a safety prompting method, comprising: receiving a file, and performing virus detection on the received file; if the file belongs to neither the virus sample library nor the non-virus sample library, further detecting the current operating environment; and if the current operating environment satisfies a preset condition, executing a safety prompt.
The safety prompting method of the embodiment of the present invention performs virus detection on the received file, then detects the current operating environment when the file belongs to neither the virus sample library nor the non-virus sample library, and executes the safety prompt when the current operating environment satisfies the preset condition, which greatly improves the accuracy of file detection and the reliability of the prompt.
An embodiment of the second aspect of the present invention proposes a safety prompting device, comprising: a first detection module, for receiving a file and performing virus detection on the received file; a second detection module, for further detecting the current operating environment if the file belongs to neither the virus sample library nor the non-virus sample library; and a prompting module, for executing a safety prompt if the current operating environment detected by the second detection module satisfies a preset condition.
In the safety prompting device of the embodiment of the present invention, the first detection module performs virus detection on the received file, the second detection module then detects the operating environment when the file belongs to neither the virus sample library nor the non-virus sample library, and the prompting module executes the safety prompt when the current operating environment is determined to satisfy the preset condition, which greatly improves the accuracy of file detection and in turn the reliability of the prompt.
An embodiment of the third aspect of the present invention proposes a mobile terminal comprising a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is placed inside the space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit supplies power to each circuit or device of the mobile terminal; the memory stores executable program code; and the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, in order to perform the following steps: receiving a file, and performing virus detection on the received file; if the file belongs to neither the virus sample library nor the non-virus sample library, further detecting the current operating environment; and if the current operating environment satisfies a preset condition, executing a safety prompt.
The mobile terminal of the embodiment of the present invention performs virus detection on the received file, then detects the current operating environment when the file belongs to neither the virus sample library nor the non-virus sample library, and executes the safety prompt when the current operating environment satisfies the preset condition, which greatly improves the accuracy of file detection and the reliability of the prompt.
Additional aspects and advantages of the present invention will be given in part in the following description; in part they will become apparent from the following description, or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a flowchart of a safety prompting method according to an embodiment of the present invention;
Fig. 2 is a flowchart of a safety prompting method according to an application example of the present invention;
Fig. 3 is a flowchart of a safety prompting method according to another application example of the present invention;
Fig. 4 is a structural diagram of a safety prompting device according to an embodiment of the present invention.
Detailed description
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals denote, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting it.
The safety prompting method and device according to embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a safety prompting method according to an embodiment of the present invention. As shown in Fig. 1, the safety prompting method comprises the following steps:
S101: receive a file, and perform virus detection on the received file.
In an embodiment of the present invention, the file can be received in various ways; for example, a file sent by another user can be received through an IM tool. Virus detection is then performed on the received file to determine the state of the file, i.e. whether it is a black file, a white file, an unknown file, and so on.
Virus detection on the received file may consist of sending the file to a server, which queries the virus sample library and the non-virus sample library for the file and returns the detection result; or it may consist of querying a local virus sample library and non-virus sample library to obtain the detection result.
Specifically, performing virus detection on the received file may comprise: extracting a feature value of the file, and performing virus detection on the corresponding file based on that feature value.
S102: if the file belongs to neither the virus sample library nor the non-virus sample library, further detect the current operating environment.
In an embodiment of the present invention, if the file is detected to belong to neither the virus sample library nor the non-virus sample library, i.e. the file is neither a black file nor a white file, the current operating environment needs to be detected further, i.e. what scene the current user is in.
S103: if the current operating environment satisfies a preset condition, execute a safety prompt.
A safety prompt is needed only when the current user is in a specific scene, for example when the current user is shopping online or playing a game. There are many ways to execute the safety prompt; for example, prompt information that the file is suspicious can be displayed by popping up a prompt box in a default format or a user-defined format. The prompt box can of course be a bubble of various forms. The prompt information can include current operating environment information, i.e. the scene the current user is in, and can also include fraud-technique prediction information, i.e. what technique the hacker may use to commit fraud, thereby increasing the user's trust in the prompt information.
To increase the user's attention to and regard for the prompt information, an embodiment of the present invention can display the prompt information in a prompt box with an eye-catching mark, a special sign or a special style. The eye-catching mark can be set by the user, or an existing mark can be used; the special style can also be set by the user, for example prompt boxes of different styles can be used for different scenes.
In addition, to better detect the file and execute the safety prompt, after it is determined that the current operating environment satisfies the preset condition, i.e. the current user is in a specific scene, the following operation can also be included: performing sensitive keyword matching on the file, and executing the safety prompt after a sensitive keyword is matched.
The sensitive keywords used for matching differ from scene to scene.
Specifically, sensitive keyword matching on the file can be implemented by direct matching or indirect matching. Indirect matching means first learning the source of the file and then performing sensitive keyword matching on the file according to that source. Direct matching means performing sensitive keyword matching on the content of the file; the file name can also be matched. This approach therefore judges in multiple dimensions, on the basis of three factors (file source, sensitive keywords and the user's scene), whether the file the user received is suspicious; compared with judging whether a file is suspicious from the file state alone, it greatly improves accuracy.
The safety prompting method described above performs virus detection on the received file, then detects the current operating environment when the file belongs to neither the virus sample library nor the non-virus sample library, and executes the safety prompt when the current operating environment satisfies the preset condition, which greatly improves the accuracy of file detection and the reliability of the prompt.
Fig. 2 is a flowchart of a safety prompting method according to an application example of the present invention; in this application example the user is assumed to be shopping online.
As shown in Fig. 2, the safety prompting method comprises the following steps:
S201: receive a file through an IM tool, and perform virus detection on the received file.
In an embodiment of the present invention, after a file sent by another user is received through the IM tool, virus detection is performed on the received file to determine the state of the file, i.e. whether it is a black file, a white file, an unknown file, and so on.
Virus detection on the received file may consist of sending the file to a server, which queries the virus sample library and the non-virus sample library for the file and returns the detection result; or it may consist of querying a local virus sample library and non-virus sample library to obtain the detection result.
S202: judge whether the file belongs to the virus sample library or the non-virus sample library. If it belongs to neither, detect the scene the current user is in; if it belongs to the virus sample library, intercept it; if it belongs to the non-virus sample library, let it pass.
In an embodiment of the present invention, if the file is detected to belong to neither the virus sample library nor the non-virus sample library, i.e. the file is neither a black file nor a white file, the current operating environment needs to be detected further, i.e. the scene the current user is in.
S203: judge whether the current user is in an online-shopping scene. If not, let the file pass; if so, perform step S204.
In this embodiment, a safety prompt is needed only when the current user is in a specific scene such as online shopping.
S204: judge whether the file contains a sensitive keyword. If it does, pop up a special bubble prompting the user that the file is suspicious, the bubble including information on the scene the user is in and fraud-technique prediction information; otherwise, let the file pass.
The sensitive keywords used for matching differ from scene to scene. For example, in the online-shopping scene the sensitive keywords used for matching can be "bill", "payment" and the like; if the file contains a keyword such as bill or payment, the safety prompt is executed.
There are many ways to execute the safety prompt; popping up a special bubble, as in this embodiment, is one implementation. This special bubble may be one that pops up only when the user is in the online-shopping scene.
The prompt information includes current operating environment information, i.e. information on the scene the current user is in, and fraud-technique prediction information, i.e. what technique the hacker may use to commit fraud. This increases the user's trust in the prompt information, so that the user does not believe the hacker's inducement but trusts the prompt information, and does not get infected by running the file.
The safety prompting method described above performs virus detection on the received file, then detects the operating environment when the file belongs to neither the virus sample library nor the non-virus sample library, and can combine the operating environment and sensitive keywords to judge comprehensively whether the file is suspicious, which greatly improves the accuracy of file detection. Moreover, for a suspicious file, the user is not only told that a threat exists; the bubble also states the scene the user is in and what technique the hacker intends to use to defraud the user of money, thereby increasing the user's trust in the prompt information and giving the user a basis for judging whether to run the file.
Fig. 3 is a flowchart of a safety prompting method according to another application example of the present invention; in this application example the user is assumed to be playing a game.
As shown in Fig. 3, the safety prompting method comprises the following steps:
S301: receive a file through the QQ software, and perform virus detection on the received file.
In an embodiment of the present invention, after a file sent by another user is received through the QQ software, virus detection is performed on the received file to determine the state of the file, i.e. whether it is a black file, a white file, an unknown file, and so on.
Virus detection on the received file may consist of sending the file to a server, which queries the virus sample library and the non-virus sample library for the file and returns the detection result; or it may consist of querying a local virus sample library and non-virus sample library to obtain the detection result.
S302: judge whether the file belongs to the virus sample library or the non-virus sample library. If it belongs to neither, detect the scene the current user is in; if it belongs to the virus sample library, intercept it; if it belongs to the non-virus sample library, let it pass.
In an embodiment of the present invention, if the file is detected to belong to neither the virus sample library nor the non-virus sample library, i.e. the file is neither a black file nor a white file, the current operating environment needs to be detected further, i.e. the scene the current user is in.
S303: judge whether the current user is in a game scene. If not, let the file pass; if so, perform step S304.
In this embodiment, a safety prompt is needed only when the current user is in a specific scene such as gaming.
S304: detect that the file comes from the QQ software.
In different scenes, the source of a file has a large bearing on whether the file is suspicious, so the file source needs to be detected first.
S305: judge whether the file contains a sensitive keyword. If it does, pop up a bubble in a user-defined format prompting the user that the file is suspicious, the bubble including information on the scene the user is in and fraud-technique prediction information; otherwise, let the file pass.
The sensitive keywords used for matching differ from scene to scene. For example, in the game scene the sensitive keywords used for matching can be "bill", "payment" and the like; if the file contains a keyword such as bill or payment, the safety prompt is executed.
There are many ways to execute the safety prompt; popping up a bubble in a user-defined format, as in this embodiment, is one implementation. The bubble in a user-defined format can carry an eye-catching mark or have a special form, so as to attract the user's attention.
The prompt information includes current operating environment information, i.e. information on the scene the current user is in, and fraud-technique prediction information, i.e. what technique the hacker may use to commit fraud. This increases the user's trust in the prompt information, so that the user does not believe the hacker's inducement but trusts the prompt information, and does not get infected by running the file.
The safety prompting method described above performs virus detection on the received file, then detects the operating environment when the file belongs to neither the virus sample library nor the non-virus sample library, and can combine the operating environment, sensitive keywords and file source to judge comprehensively whether the file is suspicious, which greatly improves the accuracy of file detection. Moreover, for a suspicious file, the user is not only told that a threat exists; the bubble also states the scene the user is in and what technique the hacker intends to use to defraud the user of money, thereby increasing the user's trust in the prompt information and giving the user a basis for judging whether to run the file.
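The decision flow of Fig. 2 and Fig. 3 (library lookup, scene check, source-aware keyword match, prompt), as an added Python example that is not part of the patent text. It assumes a SHA-256 digest as the feature value, in-memory sample libraries, and a scene label supplied by the caller; the source-specific keyword table and the prompt wording are constructed for illustration, since the patent specifies none of these.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    BLOCK = "block"    # file is in the virus sample library (black file)
    ALLOW = "allow"    # white file, or unknown file that trips no rule
    PROMPT = "prompt"  # unknown file + sensitive scene + keyword hit


@dataclass(frozen=True)
class Decision:
    action: Action
    message: Optional[str] = None


def feature_value(data: bytes) -> str:
    """Assumption: the file's feature value is the SHA-256 of its content."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample libraries, keyed by feature value.
KNOWN_BAD = b"constructed black sample"
KNOWN_GOOD = b"constructed white sample"
VIRUS_LIBRARY = {feature_value(KNOWN_BAD)}
NON_VIRUS_LIBRARY = {feature_value(KNOWN_GOOD)}

# Preset condition: scenes in which an unknown file gets a closer look.
# Keywords per scene follow the page's examples ("bill", "payment").
SCENE_KEYWORDS = {
    "online_shopping": ("bill", "payment"),
    "gaming": ("bill", "payment"),
}
# Indirect matching: extra keywords applied only for a given file source
# (hypothetical values, not from the patent).
SOURCE_KEYWORDS = {"im": ("order",)}
# Constructed wording for the fraud-technique prediction shown in the bubble.
FRAUD_HINTS = {
    "online_shopping": "the sender may pose as a seller and pass a program off as a bill",
    "gaming": "the sender may pose as a player and pass a program off as a payment record",
}


def matched_keywords(data: bytes, filename: str, scene: str, source: str) -> list:
    """Direct matching on file name and content, using keywords chosen by scene and source."""
    keywords = SCENE_KEYWORDS[scene] + SOURCE_KEYWORDS.get(source, ())
    haystack = filename.lower() + "\n" + data.decode("utf-8", errors="ignore").lower()
    return [k for k in keywords if k in haystack]


def evaluate(data: bytes, filename: str, scene: str, source: str) -> Decision:
    fv = feature_value(data)
    # S202 / S302: black files are intercepted, white files pass.
    if fv in VIRUS_LIBRARY:
        return Decision(Action.BLOCK)
    if fv in NON_VIRUS_LIBRARY:
        return Decision(Action.ALLOW)
    # S203 / S303: unknown files pass unless the user is in a listed scene.
    if scene not in SCENE_KEYWORDS:
        return Decision(Action.ALLOW)
    # S204 / S304-S305: prompt only when a sensitive keyword matches.
    hits = matched_keywords(data, filename, scene, source)
    if not hits:
        return Decision(Action.ALLOW)
    message = (
        f"'{filename}' received via {source} is unknown and looks suspicious "
        f"(matched: {', '.join(hits)}). Current scene: {scene}. "
        f"Possible fraud technique: {FRAUD_HINTS[scene]}."
    )
    return Decision(Action.PROMPT, message)
```

Note that an unknown file outside the listed scenes, or one that matches no keyword, is let through unprompted, which is the behaviour steps S203/S204 describe.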
To implement the above embodiments, the present invention also proposes a safety prompting device.
Fig. 4 is a structural diagram of a safety prompting device according to an embodiment of the present invention. As shown in Fig. 4, the safety prompting device comprises a first detection module 41, a second detection module 42 and a prompting module 43.
The first detection module 41 is used to receive a file and perform virus detection on the received file. In this embodiment, the first detection module 41 can receive the file in various ways; for example, it can receive a file sent by another user through an IM tool. Virus detection is then performed on the received file to determine the state of the file, i.e. whether it is a black file, a white file, an unknown file, and so on. Specifically, the first detection module 41 can first extract a feature value of the received file and perform virus detection on the file based on that feature value.
In addition, virus detection on the received file may consist of sending the file to a server, which queries the virus sample library and the non-virus sample library for the file and returns the detection result; or it may consist of querying a local virus sample library and non-virus sample library to obtain the detection result.
The second detection module 42 is used to further detect the current operating environment if the file belongs to neither the virus sample library nor the non-virus sample library. In this embodiment, if the first detection module 41 detects that the file belongs to neither the virus sample library nor the non-virus sample library, i.e. the file is neither a black file nor a white file, the second detection module 42 is used to further detect the current operating environment, i.e. the scene the current user is in.
The prompting module 43 is used to execute a safety prompt if the current operating environment detected by the second detection module satisfies a preset condition. In this embodiment, a safety prompt is needed only when the current user is in a specific scene, for example when the current user is shopping online or playing a game. There are many ways to execute the safety prompt; for example, prompt information that the file is suspicious can be displayed by popping up a prompt box in a default format or a user-defined format. The prompt box can of course be a bubble of various forms. The prompt information can include current operating environment information, i.e. the scene the current user is in, and can also include fraud-technique prediction information, i.e. what technique the hacker may use to commit fraud, thereby increasing the user's trust in the prompt information, so that the user does not believe the hacker's inducement but trusts the prompt information, and does not get infected by running the file.
To better detect the file and execute the safety prompt, the prompting module 43 is also used to: after the current operating environment satisfies the preset condition, perform sensitive keyword matching on the file, and determine that the file matches a sensitive keyword. The sensitive keywords used for matching differ from scene to scene.
In addition, the prompting module 43 can specifically be used to: learn the source of the file and perform sensitive keyword matching on the file according to that source; or perform sensitive keyword matching on the file content or the file name; that is, matching is implemented by indirect or direct matching. On the basis of three factors (file source, sensitive keywords and the user's scene), whether the file the user received is suspicious is judged in multiple dimensions; compared with judging whether a file is suspicious from the file state alone, this greatly improves accuracy.
Further, the prompting module 43 can first set up prompt boxes corresponding to the different operating environments, for example prompt boxes of different styles for different operating environments, and then display the corresponding prompt information by popping up the prompt box that corresponds to the current operating environment.
For the working process of the safety prompting device comprising the first detection module 41, the second detection module 42 and the prompting module 43, see Fig. 1 to Fig. 3; it is not repeated here.
In the safety prompting device described above, the first detection module performs virus detection on the received file, the second detection module then detects the operating environment when the file belongs to neither the virus sample library nor the non-virus sample library, and the prompting module executes the safety prompt when the current operating environment is determined to satisfy the preset condition, which greatly improves the accuracy of file detection and in turn the reliability of the prompt. Moreover, for a suspicious file, the user is not only told that a threat exists; the bubble also states the scene the user is in and what technique the hacker intends to use to defraud the user of money, thereby increasing the user's trust in the prompt information and giving the user a basis for judging whether to run the file.
In order to realize above-described embodiment, the present invention also proposes a kind of mobile terminal.
This mobile terminal comprises housing, processor, storer, circuit board and power circuit, and wherein, circuit board is placed in the interior volume that housing surrounds, and processor and storer are arranged on circuit board; Power circuit, is used to each circuit or the device power supply of mobile terminal; Storer is for stores executable programs code; Processor moves the program corresponding with executable program code by the executable program code of storing in read memory, for carrying out following steps:
S101': Receive a file, and perform virus detection on the received file.
In an embodiment of the present invention, the file can be received in various ways; for example, a file sent by another user can be received through an IM tool. Virus detection is then performed on the received file to determine its state, that is, whether the file is a black file, a white file, an unknown file, and so on.
Virus detection on the received file can be performed by sending the file to a server, which queries the virus sample library and the non-virus sample library for the file and returns the detection result; alternatively, the detection result can be obtained by querying a local virus sample library and non-virus sample library.
S102': If the file belongs to neither the virus sample library nor the non-virus sample library, further detect the current operating environment.
In an embodiment of the present invention, if the file is found to belong to neither the virus sample library nor the non-virus sample library, that is, the file is neither a black file nor a white file, the current operating environment needs to be detected further, namely which scene the current user is in.
S103': If the current operating environment meets the preset condition, issue a safety prompt.
A safety prompt is needed only when the current user is in a specific scene, for example when the user is shopping online or playing a game. The safety prompt can be given in many ways; for example, prompt information that the file is suspicious can be displayed in a pop-up prompt box of a default format or a user-defined format. The prompt box can be any of various forms of bubble. The prompt information can include current operating environment information, that is, the scene the current user is in, and can also include fraud-means prediction information, that is, what means a hacker may use to commit fraud, which increases the user's trust in the prompt information.
To increase the user's attention to the prompt information, an embodiment of the present invention can display the prompt information in a prompt box with an eye-catching mark, a special sign or a special style. The eye-catching mark can be set by the user, or an existing mark can be used; the special style can also be set by the user, for example by using prompt boxes of different styles for different scenes.
In addition, to detect files and give safety prompts more effectively, after it is determined that the current operating environment meets the preset condition, that is, that the current user is in a specific scene, the following operation can also be included: sensitive keyword matching is performed on the file, and the safety prompt is issued after a sensitive keyword is matched.
The sensitive keywords used for matching differ from scene to scene.
Specifically, sensitive keyword matching on the file can be done by direct matching or by indirect matching. In indirect matching, the source of the file is first determined, and sensitive keyword matching is then performed on the file according to that source. In direct matching, sensitive keyword matching is performed on the content of the file; the file name can also be matched. This approach therefore judges whether a file received by the user is suspicious along three dimensions (file source, sensitive keywords and user scene), which greatly improves accuracy compared with judging whether the file is suspicious from its state alone.
The mobile terminal described above performs virus detection on the received file, then detects the current operating environment when the file belongs to neither the virus sample library nor the non-virus sample library, and issues a safety prompt when the current operating environment meets the preset condition. This greatly improves the accuracy of file detection and the user's trust in the prompt.
In one embodiment of the present invention, the processor is further configured to perform the following steps:
S201': Receive a file through an IM tool, and perform virus detection on the received file.
In an embodiment of the present invention, after a file sent by another user is received through the IM tool, virus detection is performed on the received file to determine its state, that is, whether the file is a black file, a white file, an unknown file, and so on.
Virus detection on the received file can be performed by sending the file to a server, which queries the virus sample library and the non-virus sample library for the file and returns the detection result; alternatively, the detection result can be obtained by querying a local virus sample library and non-virus sample library.
S202': Determine whether the file belongs to the virus sample library or the non-virus sample library. If it belongs to neither, detect the scene the current user is in; if it belongs to the virus sample library, block it; if it belongs to the non-virus sample library, allow it.
In an embodiment of the present invention, if the file is found to belong to neither the virus sample library nor the non-virus sample library, that is, the file is neither a black file nor a white file, the current operating environment needs to be detected further, that is, the scene the current user is in.
S203': Determine whether the current user is in an online shopping scene. If not, allow the file; if so, perform step S204'.
In this embodiment, a safety prompt is needed only when the current user is in a specific scene such as online shopping.
S204': Determine whether the file contains a sensitive keyword. If it does, pop up a special bubble to warn the user that the file is suspicious, the bubble containing information on the scene the user is in and fraud-means prediction information; otherwise, allow the file.
The sensitive keywords used for matching differ from scene to scene. For example, in an online shopping scene the sensitive keywords used for matching can be bill, payment and the like; if the file contains a keyword such as bill or payment, a safety prompt is issued.
The safety prompt can be given in many ways; popping up a special bubble, as in this embodiment, is one implementation. The special bubble may pop up only when the user is in an online shopping scene.
The prompt information includes current operating environment information, that is, information on the scene the current user is in, and fraud-means prediction information, that is, what means a hacker may use to commit fraud. This increases the user's trust in the prompt information, so that the user trusts the prompt rather than the hacker's inducement and is not infected by executing the file.
The mobile terminal described above performs virus detection on the received file, then detects the operating environment when the file belongs to neither the virus sample library nor the non-virus sample library, and can combine the operating environment and sensitive keywords to judge comprehensively whether the file is suspicious, which greatly improves the accuracy of file detection. In addition, for a suspicious file, it not only warns the user that a threat exists but also describes in the bubble the scene the user is in and the means by which a hacker intends to defraud the user of money, which increases the user's trust in the prompt information and gives the user a basis for deciding whether to execute the file.
In another embodiment of the present invention, the processor is further configured to perform the following steps:
S301': Receive a file through the QQ software, and perform virus detection on the received file.
In an embodiment of the present invention, after a file sent by another user is received through the QQ software, virus detection is performed on the received file to determine its state, that is, whether the file is a black file, a white file, an unknown file, and so on.
Virus detection on the received file can be performed by sending the file to a server, which queries the virus sample library and the non-virus sample library for the file and returns the detection result; alternatively, the detection result can be obtained by querying a local virus sample library and non-virus sample library.
S302': Determine whether the file belongs to the virus sample library or the non-virus sample library. If it belongs to neither, detect the scene the current user is in; if it belongs to the virus sample library, block it; if it belongs to the non-virus sample library, allow it.
In an embodiment of the present invention, if the file is found to belong to neither the virus sample library nor the non-virus sample library, that is, the file is neither a black file nor a white file, the current operating environment needs to be detected further, that is, the scene the current user is in.
S303': Determine whether the current user is in a game scene. If not, allow the file; if so, perform step S304'.
In this embodiment, a safety prompt is needed only when the current user is in a specific scene such as gaming.
S304': Detect that the file comes from the QQ software.
In different scenes, the source of a file has a large bearing on whether the file is suspicious, so the file source needs to be detected first.
S305': Determine whether the file contains a sensitive keyword. If it does, pop up a bubble of a user-defined format to warn the user that the file is suspicious, the bubble containing information on the scene the user is in and fraud-means prediction information; otherwise, allow the file.
The sensitive keywords used for matching differ from scene to scene. For example, in a game scene the sensitive keywords used for matching can be bill, payment and the like; if the file contains a keyword such as bill or payment, a safety prompt is issued.
The safety prompt can be given in many ways; popping up a bubble of a user-defined format, as in this embodiment, is one implementation. The bubble of the user-defined format can carry an eye-catching mark or have a special form so as to attract the user's attention.
The prompt information includes current operating environment information, that is, information on the scene the current user is in, and fraud-means prediction information, that is, what means a hacker may use to commit fraud. This increases the user's trust in the prompt information, so that the user trusts the prompt rather than the hacker's inducement and is not infected by executing the file.
The mobile terminal described above performs virus detection on the received file, then detects the operating environment when the file belongs to neither the virus sample library nor the non-virus sample library, and can combine the operating environment, sensitive keywords and file source to judge comprehensively whether the file is suspicious, which greatly improves the accuracy of file detection. In addition, for a suspicious file, it not only warns the user that a threat exists but also describes in the bubble the scene the user is in and the means by which a hacker intends to defraud the user of money, which increases the user's trust in the prompt information and gives the user a basis for deciding whether to execute the file.
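The decision flow of steps S201' to S204' and S301' to S305' above, written out as an added Python example; it is not code from the patent or its applicant. The names, the use of SHA-256 as the "feature value", the sample library contents, the "gift" keyword and the fraud-prediction texts are assumptions constructed for illustration.

```python
"""Added example: triage of a received file by library lookup, scene and keywords."""
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Verdict(Enum):
    BLOCK = "block"    # file is in the virus sample library (black file)
    ALLOW = "allow"    # file is in the non-virus library (white file) or not suspicious
    PROMPT = "prompt"  # unknown file, preset scene, sensitive keyword matched


@dataclass
class ReceivedFile:
    name: str
    content: bytes
    source: str  # e.g. "QQ" or another IM tool


@dataclass
class Decision:
    verdict: Verdict
    message: str = ""


def feature_value(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the unspecified "feature value".
    return hashlib.sha256(data).hexdigest()


# Constructed sample libraries; a deployment would query a local or server-side store.
VIRUS_LIBRARY = {feature_value(b"constructed known-bad sample")}
CLEAN_LIBRARY = {feature_value(b"constructed known-good sample: payment bill")}

# Scene -> sensitive keywords (the description names "bill" and "payment").
SCENE_KEYWORDS = {
    "online_shopping": ("bill", "payment"),
    "gaming": ("bill", "payment"),
}
# Optional (scene, source) refinement for indirect matching; this entry is constructed.
SOURCE_KEYWORDS = {("gaming", "QQ"): ("bill", "payment", "gift")}

# Constructed fraud-means predictions shown in the prompt bubble.
FRAUD_PREDICTION = {
    "online_shopping": "the sender may pose as a seller and ask you to open a fake bill",
    "gaming": "the sender may pose as a player trading items for payment",
}


def matched_keyword(f: ReceivedFile, scene: str) -> Optional[str]:
    # Indirect matching: the file source can select the keyword set.
    keywords = SOURCE_KEYWORDS.get((scene, f.source), SCENE_KEYWORDS[scene])
    # Direct matching: check both the file name and the file content.
    text = f.name.lower() + "\n" + f.content.decode("utf-8", errors="ignore").lower()
    return next((k for k in keywords if k in text), None)


def triage(f: ReceivedFile, scene: Optional[str]) -> Decision:
    fv = feature_value(f.content)
    if fv in VIRUS_LIBRARY:
        return Decision(Verdict.BLOCK)
    if fv in CLEAN_LIBRARY:
        return Decision(Verdict.ALLOW)
    # Unknown file: only a preset scene triggers the further checks.
    if scene not in SCENE_KEYWORDS:
        return Decision(Verdict.ALLOW)
    keyword = matched_keyword(f, scene)
    if keyword is None:
        return Decision(Verdict.ALLOW)
    message = (f"Suspicious file '{f.name}' received via {f.source}. "
               f"Current scene: {scene}. Matched keyword: {keyword}. "
               f"Possible fraud method: {FRAUD_PREDICTION[scene]}.")
    return Decision(Verdict.PROMPT, message)
```

A file already in the non-virus sample library is allowed even when it contains a sensitive keyword, because keyword matching runs only on unknown files in a preset scene.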
Any process or method described in a flowchart or otherwise described herein can be understood as representing a module, segment or portion of code that comprises one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in a flowchart or otherwise described herein, for example an ordered list of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, apparatus or device (such as a computer-based system, a system comprising a processor, or another system that can fetch instructions from an instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" can be any means that can contain, store, communicate, propagate or transport a program for use by, or in connection with, an instruction execution system, apparatus or device. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), random-access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). The computer-readable medium can even be paper or another suitable medium on which the program is printed, because the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods can be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they can be implemented by any one or a combination of the following technologies known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGA), field-programmable gate arrays (FPGA), and so on.
Those of ordinary skill in the art will understand that all or some of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention can be integrated in one processing module, or each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, such schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principle and spirit of the present invention; the scope of the present invention is defined by the claims and their equivalents.

Claims (20)

1. A safety prompting method, characterized by comprising:
receiving a file, and performing virus detection on the received file;
if the file belongs to neither a virus sample library nor a non-virus sample library, further detecting the current operating environment; and
if the current operating environment meets a preset condition, issuing a safety prompt.
2. The method according to claim 1, characterized in that, after the current operating environment meets the preset condition and before the safety prompt is issued, the method further comprises:
performing sensitive keyword matching on the file, and determining that the file matches a sensitive keyword.
3. The method according to claim 1, characterized in that issuing the safety prompt comprises:
displaying prompt information that the file is suspicious by popping up a prompt box of a default format or a user-defined format.
4. The method according to claim 1, characterized in that performing virus detection on the received file comprises:
sending a detection request corresponding to the file to a server, and receiving the detection result returned by the server.
5. The method according to claim 1, characterized in that performing virus detection on the received file comprises:
extracting a feature value of the received file, and performing virus detection on the file based on the feature value.
6. The method according to claim 2, characterized in that performing sensitive keyword matching on the file comprises:
determining the source of the file, and performing sensitive keyword matching on the file according to the source.
7. The method according to claim 2, characterized in that performing sensitive keyword matching on the file comprises:
performing sensitive keyword matching on the content of the file.
8. The method according to claim 3, characterized in that the prompt information comprises current operating environment information and fraud-means prediction information.
9. The method according to claim 3, characterized in that the prompt box of the user-defined format carries a predetermined mark.
10. The method according to claim 3, characterized in that displaying the prompt information that the file is suspicious by popping up a prompt box of a user-defined format comprises:
setting prompt boxes respectively corresponding to different operating environments; and
displaying the prompt information by popping up the prompt box corresponding to the current operating environment.
11. A safety prompting device, characterized by comprising:
a first detection module, configured to receive a file and perform virus detection on the received file;
a second detection module, configured to further detect the current operating environment if the file belongs to neither a virus sample library nor a non-virus sample library; and
a prompting module, configured to issue a safety prompt if the current operating environment detected by the second detection module meets a preset condition.
12. The device according to claim 11, characterized in that the prompting module is further configured to: after the current operating environment meets the preset condition, perform sensitive keyword matching on the file, and determine that the file matches a sensitive keyword.
13. The device according to claim 11, characterized in that the prompting module is specifically configured to:
display prompt information that the file is suspicious by popping up a prompt box of a default format or a user-defined format.
14. The device according to claim 11, characterized in that the first detection module is specifically configured to:
send a detection request corresponding to the file to a server, and receive the detection result returned by the server.
15. The device according to claim 11, characterized in that the first detection module is specifically configured to:
extract a feature value of the received file, and perform virus detection on the file based on the feature value.
16. The device according to claim 12, characterized in that the prompting module is specifically configured to:
determine the source of the file, and perform sensitive keyword matching on the file according to the source.
17. The device according to claim 12, characterized in that the prompting module is specifically configured to:
perform sensitive keyword matching on the content of the file.
18. The device according to claim 13, characterized in that the prompt information comprises current operating environment information and fraud-means prediction information.
19. The device according to claim 13, characterized in that the prompt box of the user-defined format carries a predetermined mark.
20. The device according to claim 13, characterized in that the prompting module is specifically configured to:
set prompt boxes respectively corresponding to different operating environments; and
display the prompt information by popping up the prompt box corresponding to the current operating environment.
CN201410073921.0A 2014-02-28 2014-02-28 Safety prompting method and device Pending CN103853980A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410073921.0A CN103853980A (en) 2014-02-28 2014-02-28 Safety prompting method and device

Publications (1)

Publication Number Publication Date
CN103853980A true CN103853980A (en) 2014-06-11

Family

ID=50861624

Country Status (1)

Country Link
CN (1) CN103853980A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102164138A (en) * 2011-04-18 2011-08-24 奇智软件(北京)有限公司 Method for ensuring network security of user and client
CN102769632A (en) * 2012-07-30 2012-11-07 珠海市君天电子科技有限公司 Method and system for grading detection and prompt of fishing website
CN102930214A (en) * 2012-10-29 2013-02-13 珠海市君天电子科技有限公司 Method and device for proving risk prompts against unknown shopping website
CN102945349A (en) * 2012-10-19 2013-02-27 北京奇虎科技有限公司 Method and device for processing unknown files
CN103605924A (en) * 2013-11-28 2014-02-26 北京奇虎科技有限公司 Method and device for preventing malicious program from attacking online payment page

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104219225A (en) * 2014-07-31 2014-12-17 珠海市君天电子科技有限公司 Worm virus detection and prevention method and system
CN104219225B (en) * 2014-07-31 2020-04-03 珠海豹趣科技有限公司 Detection and defense method and system for worm virus
CN112422739A (en) * 2020-11-10 2021-02-26 南京中孚信息技术有限公司 Method and system for monitoring file content received by mobile terminal in real time
CN113468264A (en) * 2021-05-20 2021-10-01 杭州趣链科技有限公司 Block chain based poisoning defense and poisoning source tracing federal learning method and device
CN113468264B (en) * 2021-05-20 2024-02-20 杭州趣链科技有限公司 Block chain-based federal learning method and device for poisoning defense and poisoning traceability

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140611
