CN104346569A - Method and device for identifying malicious advertisements in mobile terminal and mobile terminal - Google Patents

Method and device for identifying malicious advertisements in mobile terminal and mobile terminal Download PDF

Info

Publication number
CN104346569A
CN104346569A CN201310329831.9A CN201310329831A CN104346569A CN 104346569 A CN104346569 A CN 104346569A CN 201310329831 A CN201310329831 A CN 201310329831A CN 104346569 A CN104346569 A CN 104346569A
Authority
CN
China
Prior art keywords
announcement information
application program
content
occurrence
frequency
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310329831.9A
Other languages
Chinese (zh)
Other versions
CN104346569B (en
Inventor
张楠
苏海峰
焦国强
陈勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Internet Security Software Co Ltd
Conew Network Technology Beijing Co Ltd
Shell Internet Beijing Security Technology Co Ltd
Zhuhai Juntian Electronic Technology Co Ltd
Beijing Kingsoft Internet Science and Technology Co Ltd
Original Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Conew Network Technology Beijing Co Ltd
Shell Internet Beijing Security Technology Co Ltd
Zhuhai Juntian Electronic Technology Co Ltd
Beijing Kingsoft Internet Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Internet Security Software Co Ltd, Conew Network Technology Beijing Co Ltd, Shell Internet Beijing Security Technology Co Ltd, Zhuhai Juntian Electronic Technology Co Ltd, Beijing Kingsoft Internet Science and Technology Co Ltd filed Critical Beijing Kingsoft Internet Security Software Co Ltd
Priority to CN201310329831.9A priority Critical patent/CN104346569B/en
Priority to PCT/CN2014/083450 priority patent/WO2015014299A1/en
Publication of CN104346569A publication Critical patent/CN104346569A/en
Application granted granted Critical
Publication of CN104346569B publication Critical patent/CN104346569B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/564Static detection by virus signature recognition
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a method and a device for identifying malicious advertisements in a mobile terminal and the mobile terminal. The method comprises the following steps: acquiring an application program running in the mobile terminal; monitoring a notification bar of the mobile terminal to determine notification information corresponding to the application program; and determining whether the application program ejects the malicious advertisements according to the occurrence frequency of the notification information and/or the content of the notification information. The method of the embodiment of the invention determines the notification information corresponding to the application program by monitoring the notification bar of the mobile terminal, and determines whether the application program pops up the malicious advertisements or not according to the occurrence frequency of the notification information and/or the content of the notification information, so that the application program which can pop up the malicious advertisements can be accurately identified, the defect of judging the malicious advertisements by extracting a code feature matching technology is effectively overcome, and the identification efficiency of the malicious advertisements is improved.

Description

The malice recognition methods of advertisement, device and mobile terminal in mobile terminal
Technical field
The present invention relates to mobile security technical field, refer to the recognition methods of malice advertisement in a kind of mobile terminal, device and mobile terminal especially.
Background technology
Along with the fast development of mobile Internet and progressively popularizing of mobile terminal, the virus of mobile terminal is also day by day savage.And malice advertisement accounts for most in the Malware behavior of the operating system of current mobile terminal, a large amount of flow of loss user usually can be caused and interference user normally uses.
At present, in mobile terminal, first the recognition methods of Malware is decompiled into plaintext code usually, then judges whether it has malicious act by extracting code characteristic.
Through the analysis to prior art, inventor finds at least there is following problem in prior art: Malware recognition efficiency is low, and along with the Code obfuscation of malice advertisement resists, viral production person be encrypted software program, out mess code entirely to make software program decompiling, None-identified malicious act, thus make extraction code characteristic matching technique seem that some is weak when this kind of malice advertisement of identification.
Summary of the invention
The present invention is intended at least one of solve the problems of the technologies described above.
For this reason, first object of the present invention is the recognition methods proposing malice advertisement in a kind of mobile terminal.The method can identify the application program that can eject malice advertisement exactly, effectively compensate for the deficiency judging malice advertisement by extracting code characteristic matching technique, improves the recognition efficiency of malice advertisement.
Second object of the present invention is the recognition device proposing malice advertisement in a kind of mobile terminal.
3rd object of the present invention is to propose a kind of mobile terminal.
To achieve these goals, in the mobile terminal of first aspect present invention embodiment, the recognition methods of malice advertisement comprises the following steps: obtain the application program run in mobile terminal; Monitor the informing of described mobile terminal to determine the announcement information that described application program is corresponding; And determine whether described application program ejects malice advertisement according to the frequency of occurrence of described announcement information and/or the content of described announcement information.
According to the recognition methods of malice advertisement in the mobile terminal of the embodiment of the present invention, by monitoring the informing of mobile terminal to determine the announcement information that application program is corresponding, and whether eject malice advertisement according to the frequency of occurrence of announcement information and/or the content determination application program of announcement information, the application program that can eject malice advertisement can be identified exactly, effectively compensate for the deficiency judging malice advertisement by extracting code characteristic matching technique, improve the recognition efficiency of malice advertisement.
To achieve these goals, the recognition device of malice advertisement in the mobile terminal of second aspect present invention embodiment, comprising: acquisition module, for obtaining the application program run in mobile terminal; Monitoring module, for monitoring the informing of described mobile terminal to determine the announcement information that described application program is corresponding; And determination module, for determining according to the frequency of occurrence of described announcement information and/or the content of described announcement information whether described application program ejects malice advertisement.
According to the recognition device of malice advertisement in the mobile terminal of the embodiment of the present invention, the informing of mobile terminal is monitored to determine the announcement information that application program is corresponding by monitoring module, whether determination module ejects malice advertisement according to the content determination application program of the frequency of occurrence of announcement information and/or announcement information, the application program that can eject malice advertisement can be identified exactly, effectively compensate for the deficiency judging malice advertisement by extracting code characteristic matching technique, improve the recognition efficiency of malice advertisement.
To achieve these goals, the mobile terminal of third aspect present invention embodiment, comprising: shell, processor and circuit board; Described circuit board is placed in the interior volume that described shell surrounds, and described processor is arranged on described circuit board; Described processor is used for running application; By monitoring the informing of described mobile terminal to determine the announcement information that described application program is corresponding; And determine whether described application program ejects malice advertisement according to the frequency of occurrence of described announcement information and/or the content of described announcement information.
According to the mobile terminal of the embodiment of the present invention, by monitoring the informing of mobile terminal to determine the announcement information that application program is corresponding, and whether eject malice advertisement according to the frequency of occurrence of announcement information and/or the content determination application program of announcement information, the application program that can eject malice advertisement can be identified exactly, effectively compensate for the deficiency judging malice advertisement by extracting code characteristic matching technique, improve the recognition efficiency of malice advertisement.
The aspect that the present invention adds and advantage will part provide in the following description, and part will become obvious from the following description, or be recognized by practice of the present invention.
Accompanying drawing explanation
The present invention above-mentioned and/or additional aspect and advantage will become obvious and easy understand from the following description of the accompanying drawings of embodiments, wherein,
Fig. 1 is the process flow diagram of the recognition methods of malice advertisement in mobile terminal according to an embodiment of the invention;
Fig. 2 is the process flow diagram of the recognition methods of malice advertisement in mobile terminal in accordance with another embodiment of the present invention;
Fig. 3 is the process flow diagram of the recognition methods of malice advertisement in the mobile terminal according to another embodiment of the present invention;
Fig. 4 is the structured flowchart of the recognition device of malice advertisement in mobile terminal according to an embodiment of the invention;
Fig. 5 is the structured flowchart of the recognition device of malice advertisement in mobile terminal in accordance with another embodiment of the present invention.
Embodiment
Be described below in detail embodiments of the invention, the example of described embodiment is shown in the drawings, and wherein same or similar label represents same or similar element or has element that is identical or similar functions from start to finish.Being exemplary below by the embodiment be described with reference to the drawings, only for explaining the present invention, and can not limitation of the present invention being interpreted as.On the contrary, embodiments of the invention comprise fall into attached claims spirit and intension within the scope of all changes, amendment and equivalent.
In describing the invention, it is to be appreciated that term " first ", " second " etc. are only for describing object, and instruction or hint relative importance can not be interpreted as.In describing the invention, it should be noted that, unless otherwise clearly defined and limited, term " is connected ", " connection " should be interpreted broadly, such as, can be fixedly connected with, also can be removably connect, or connect integratedly; Can be mechanical connection, also can be electrical connection; Can be directly be connected, also indirectly can be connected by intermediary.For the ordinary skill in the art, concrete condition above-mentioned term concrete meaning in the present invention can be understood.In addition, in describing the invention, except as otherwise noted, the implication of " multiple " is two or more.
Describe and can be understood in process flow diagram or in this any process otherwise described or method, represent and comprise one or more for realizing the module of the code of the executable instruction of the step of specific logical function or process, fragment or part, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can not according to order that is shown or that discuss, comprise according to involved function by the mode while of basic or by contrary order, carry out n-back test, this should understand by embodiments of the invention person of ordinary skill in the field.
Below with reference to the accompanying drawings the recognition methods of malice advertisement in the mobile terminal according to the embodiment of the present invention, device and mobile terminal are described.
In order to solve at present by extracting the problem of the malice advertisement in the malicious software program of the encrypted mistake of code characteristic matching technique None-identified, to solve in current mobile terminal the inefficient problem of recognition methods of malice advertisement, the present invention proposes the recognition methods of malice advertisement in a kind of mobile terminal, device and mobile terminal simultaneously.
Fig. 1 is the process flow diagram of the recognition methods of malice advertisement in mobile terminal according to an embodiment of the invention.As shown in Figure 1, in mobile terminal, the recognition methods of malice advertisement comprises the following steps.
S101, obtains the application program run in mobile terminal.
In one embodiment of the invention, mobile terminal can be the hardware device that mobile phone, panel computer, personal digital assistant, e-book etc. have various operating system, and can run application, and also has the function that network connects.
S102, the informing of monitoring mobile terminal is to determine the announcement information that application program is corresponding.
Wherein, announcement information can comprise md5 value (Message Digest Algorithm5, informative abstract value), digital signature md5 value, title, bag name, stack name, the information content etc. of application program.
Whether S103, eject malice advertisement according to the frequency of occurrence of announcement information and/or the content determination application program of announcement information.
Particularly, malice advertisement can whether be ejected according to the content determination application program of the frequency of occurrence of announcement information and announcement information.Thus, improve the accuracy rate that recognition application can eject malice advertisement.Be to be understood that, the content determination application program of the frequency of occurrence of announcement information or announcement information can also be selected whether to eject malice advertisement, wherein, whether eject malice advertisement according to the frequency of occurrence of announcement information and the content determination application program of announcement information to describe in detail in follow-up embodiment, whether ejecting malice advertisement according to the frequency of occurrence of announcement information or the content determination application program of announcement information can understand according to follow-up embodiment correspondence.
According to the recognition methods of malice advertisement in the mobile terminal of the embodiment of the present invention, by monitoring the informing of mobile terminal to determine the announcement information that application program is corresponding, and whether eject malice advertisement according to the frequency of occurrence of announcement information and/or the content determination application program of announcement information, the application program that can eject malice advertisement can be identified exactly, effectively compensate for the deficiency judging malice advertisement by extracting code characteristic matching technique, improve the recognition efficiency of malice advertisement.
Fig. 2 is the process flow diagram of the recognition methods of malice advertisement in mobile terminal in accordance with another embodiment of the present invention.If the content of announcement information meets pre-conditioned, or the frequency of occurrence of announcement information exceedes threshold values, then determine that application program ejects malice advertisement.Particularly, as shown in Figure 2, in mobile terminal, the recognition methods of malice advertisement comprises the following steps.
S201, obtains the application program run in mobile terminal.
S202, the informing of monitoring mobile terminal is to determine the announcement information that application program is corresponding.
S203, judges whether the frequency of occurrence of announcement information exceedes threshold value, if the frequency of occurrence of announcement information exceedes threshold values, then continues to perform S205.
Wherein, threshold values can for system default setting, also can be mobile phone users oneself set.Such as, threshold value is 5, and the frequency of occurrence of announcement information is greater than 5, then think that corresponding application program harasses user frequently, can determine that the announcement information that this application program ejects is malice advertisement.
S204, if the frequency of occurrence of announcement information does not exceed threshold value, then judges whether the content of announcement information meets pre-conditioned further.
In one embodiment of the invention, pre-conditionedly to comprise: the content of announcement information comprises malice word, announcement information can not be removed, announcement information does not have the content pushing source or announcement information and comprises risk character string etc.Particularly, can judge whether the content of announcement information comprises malice word according to malice dictionary, whether can remove according to the mark of announcement information or this announcement information of determined property, judge whether this announcement information has propelling movement source according to whether comprising corresponding application name in the content of announcement information, judge whether the content of announcement information comprises risk character string according to risk character string storehouse, wherein, malice word can comprise the word of harmful content, such as, anti-government, obscene word etc., risk character string can be frequent eject notification information and the content of announcement information comprises malice word, filter out and download, the character string obtained after the normal character string such as successful installation.
In one embodiment of the invention, judge that announcement information does not have propelling movement source and specifically comprises: the content information obtaining announcement information; Obtain the character of predetermined number in content information; Judge the title whether comprising corresponding application program in the character of predetermined number; And if do not comprise, then determine announcement information do not have push source.Such as, predetermined number is 120,120 characters are obtained from content information, judge the title whether comprising corresponding application program in these 120 characters, if do not comprised, then can determine that corresponding announcement information does not have and push source, thus the application program determining not have the announcement information that pushes source corresponding can eject malice advertisement, makes recognition result more accurate.
S205, if meet pre-conditioned, then determines that application program ejects malice advertisement.
Particularly, if the content of announcement information meets pre-conditioned, then can determine that corresponding application program ejects malice advertisement.Such as, if judge that the content of announcement information comprises malice word, according to the mark of announcement information or this announcement information of determined property can not be removed, judge that this announcement information does not have and push source according to not comprising corresponding application name in the content of announcement information or judge that the content of announcement information comprises risk character string according to risk character string storehouse, then can determine that corresponding application program can eject maliciously advertisement according to malice dictionary.
According to the recognition methods of malice advertisement in the mobile terminal of the embodiment of the present invention, if the content of announcement information meets pre-conditioned, or the frequency of occurrence of announcement information exceedes threshold values, then can determine that corresponding application program can eject malice advertisement, improve accuracy rate.
In one embodiment of the invention, in order to improve accuracy, screening is needed to the announcement information first-selection that monitoring informing obtains, and record qualified announcement information, namely particularly, judging the frequency of occurrence of announcement information also comprises before S203 before whether exceeding threshold values: in detection notice information, whether comprise white character string; If comprise white character string, then do not record corresponding announcement information; If do not comprise white character string, then judge whether the content-length of announcement information is 0 further; And if content-length is not 0, then the frequency of occurrence of announcement information application program ejected increases by 1.
Wherein, white character string can be the character string in the content of normal system announcement information, such as, downloads, successful installation etc.
Particularly, if when the content-length of announcement information is 0, then do not record corresponding announcement information, namely the Word message in informing is not got, now announcement information may be picture etc., if when the content-length of announcement information is not 0, then the frequency of occurrence of announcement information corresponding for application program is increased by 1.Thus, the frequency of occurrence of announcement information can be obtained, whether to eject malice advertisement according to the frequency of occurrence determination application program of announcement information, make recognition effect more accurate.
In an embodiment of the invention, in order to improve accuracy rate further, the stack name and application name of monitoring the announcement information that informing obtains are judged, thus determine whether corresponding application program ejects malice advertisement, particularly, judge the occurrence number of announcement information exceed threshold values and/or judge the content of announcement information meet pre-conditioned after namely also comprise after S203 and/or S205: judge whether the stack name of announcement information exists in black stack list; If existed in black stack list, then judge whether the application name of announcement information exists in white signature list further; And if there is no sign in list in vain, then determine that application program ejects malice advertisement.Wherein, black stack can comprise harmful content (such as ejecting, anti-government, obscene word etc.) advertisement SDK(Software Development Kit, SDK (Software Development Kit)) the stack name of corresponding program stack, white signature list can comprise without eject notification information application name, eject the application name etc. of normal announcement information.Thus, the accuracy rate of recognition result is further increased.
Namely in one embodiment of the invention, in order to expand the coverage rate in risk character string storehouse, judging that the frequency of occurrence of announcement information also comprises after S203 after exceeding threshold values: the content of announcement information is added in risk character string storehouse.Particularly, when judging that the frequency of occurrence of announcement information exceedes threshold values, the content of announcement information can be added in risk character string storehouse.Thus, the coverage rate in risk character string storehouse is expanded.
In one embodiment of the invention, in order to expand black stack list, further raising recognition efficiency, in mobile terminal, the recognition methods of malice advertisement also comprises: if the content of announcement information comprises malice word, then stack name corresponding for announcement information be added in black stack list.Particularly, judge in the content of the announcement information that application program is corresponding, whether to comprise malice word according to pre-conditioned, if comprise malice word, namely comprise harmful content, then can determine that this application program ejects malice advertisement, and stack name corresponding for this announcement information is added in black stack list.Thus, expand black stack list, further increase recognition efficiency.
In another embodiment of the present invention, the stack name length being added into announcement information in black stack list corresponding need exceed preset length, and do not comprise specific character string in this stack name, such as, ijinshan, tencent etc., if the stack name that announcement information is corresponding comprises specific character string, then this stack name is not black stack, namely can not judge that corresponding application program ejects malice advertisement.Thus, ensure that the reliability of black stack list.
Fig. 3 is the process flow diagram of the recognition methods of malice advertisement in the mobile terminal according to another embodiment of the present invention.If determine that application program ejects malice advertisement, then by the malice ad-delivery of application program and/or correspondence to cloud server.Particularly, as shown in Figure 3, in mobile terminal, the recognition methods of malice advertisement comprises the following steps.
S301, obtains the application program run in mobile terminal.
S302, the informing of monitoring mobile terminal is to determine the announcement information that application program is corresponding.
S303, judges whether the frequency of occurrence of announcement information exceedes threshold value, if the frequency of occurrence of announcement information exceedes threshold values, then continues to perform S305.
S304, if the frequency of occurrence of announcement information does not exceed threshold value, then judges whether the content of announcement information meets pre-conditioned further.
S305, if meet pre-conditioned, then determines that application program ejects malice advertisement.
S306, by the malice ad-delivery of application program and/or correspondence to cloud server.
Particularly, after determining that application program ejects malice advertisement, one or more in application program, corresponding malice advertisement, corresponding announcement information etc. can be connected by network and be sent to cloud server, obtain the application information that can eject malice advertisement to make cloud server.Wherein, network connection can be 2G(Second Generation, Generation Mobile Telecommunication System technology), 3G(3rd-Generation, G mobile communication), WiFi(wireless fidelity, Wireless Fidelity), WiMax(Worldwide Interoperability for Microwave Access, worldwide interoperability for microwave access) etc.
According to the recognition methods of malice advertisement in the mobile terminal of the embodiment of the present invention, if determine that application program ejects malice advertisement, then one or more in application program, corresponding malice advertisement, corresponding announcement information etc. are sent to cloud server, the application information that can eject malice advertisement is obtained to make cloud server, when user download and install this can eject malice advertisement application program time, cloud server can send reminder message with reminding user to the mobile terminal of correspondence, improves Consumer's Experience.
In order to realize above-described embodiment, the present invention also proposes the recognition device of malice advertisement in a kind of mobile terminal.
Fig. 4 is the structured flowchart of the recognition device of malice advertisement in mobile terminal according to an embodiment of the invention.As shown in Figure 4, in mobile terminal, the recognition device of malice advertisement comprises: acquisition module 10, monitoring module 20 and determination module 30.
Particularly, acquisition module 10 is for obtaining the application program run in mobile terminal.In one embodiment of the invention, mobile terminal can be the hardware device that mobile phone, panel computer, personal digital assistant, e-book etc. have various operating system, and can run application, and also has the function that network connects.
Monitoring module 20 is for monitoring the informing of mobile terminal to determine the announcement information that application program is corresponding.Wherein, announcement information can comprise the md5 value, digital signature md5 value, title, bag name, stack name, the information content etc. of application program.
Whether determination module 30 is for ejecting malice advertisement according to the frequency of occurrence of announcement information and/or the content determination application program of announcement information.More specifically, whether determination module 30 can eject malice advertisement according to the content determination application program of the frequency of occurrence of announcement information and announcement information.Thus, the accuracy rate that recognition application can eject malice advertisement is provided.Be to be understood that, whether the content determination application program of the frequency of occurrence of announcement information or announcement information of can also selecting determination module 30 ejects malice advertisement, wherein, whether eject malice advertisement according to the frequency of occurrence of announcement information and the content determination application program of announcement information to describe in detail in follow-up embodiment, whether ejecting malice advertisement according to the frequency of occurrence of announcement information or the content determination application program of announcement information can understand according to follow-up embodiment correspondence.
According to the recognition device of malice advertisement in the mobile terminal of the embodiment of the present invention, the informing of mobile terminal is monitored to determine the announcement information that application program is corresponding by monitoring module, whether determination module ejects malice advertisement according to the content determination application program of the frequency of occurrence of announcement information and/or announcement information, the application program that can eject malice advertisement can be identified exactly, effectively compensate for the deficiency judging malice advertisement by extracting code characteristic matching technique, improve the recognition efficiency of malice advertisement.
In one embodiment of the invention, determination module 30 specifically for: judge whether the frequency of occurrence of announcement information exceedes threshold values, and when the frequency of occurrence of announcement information exceedes threshold values, determine that application program ejects malice advertisement, and when the frequency of occurrence of announcement information does not exceed threshold values, judge whether the content of announcement information meets pre-conditioned further, and when the content of announcement information meets pre-conditioned, determine that application program ejects malice advertisement.Wherein, threshold values can for system default setting, also can be that mobile phone users oneself sets, such as, threshold values is 5, pre-conditionedly to comprise: the content of announcement information comprises malice word, announcement information can not be removed, announcement information does not have propelling movement source or announcement information content comprises risk character string etc., particularly, can judge whether the content of announcement information comprises malice word according to malice dictionary, whether can remove according to the mark of announcement information or this announcement information of determined property, judge whether this announcement information has propelling movement source according to whether comprising corresponding application name in the content of announcement information, judge whether the content of announcement information comprises risk character string according to risk character string, malice word can comprise the word of harmful content, such as, anti-government, obscene word etc., risk character string can be frequent eject notification information and the content of announcement information comprises malice word, filter out and download, the character string obtained after the normal character string such as successful installation.Thus, improve the accuracy rate of recognition result.
In order to make recognition result more accurate, need judge whether announcement information has and push source, in one embodiment of the invention, determination module 30 is also specifically for obtaining the content information of announcement information, and obtain the character of predetermined number in content information, and judge the title whether comprising corresponding application program in the character of predetermined number further, and when not comprising the title of corresponding application program, determining that announcement information does not have and pushing source.Such as, predetermined number is 120,120 characters are obtained from content information, judge the title whether comprising corresponding application program in these 120 characters, if do not comprised, then determination module 30 can be determined that corresponding announcement information does not have and pushes source, thus the application program determining not have the announcement information that pushes source corresponding can eject malice advertisement, makes recognition result more accurate.
In one embodiment of the invention, determination module 30 also specifically for: before judging whether the frequency of occurrence of announcement information exceedes threshold values, white character string whether is comprised in detection notice information, and when comprising white character string, do not record corresponding announcement information, and when not comprising white character string, judge whether the content-length of announcement information is 0 further, and when content-length is not 0, the frequency of occurrence of announcement information application program ejected increases by 1.Wherein, white character string can be the character string in the content of normal system announcement information, such as, downloads, successful installation etc.
Particularly, if when the content-length of announcement information is 0, then determination module 30 does not record corresponding announcement information, namely the Word message in informing is not got, now announcement information may be picture etc., if when the content-length of announcement information is not 0, then the frequency of occurrence of announcement information corresponding for application program is increased by 1 by determination module 30.Thus, the frequency of occurrence of announcement information can be obtained, whether to eject malice advertisement according to the frequency of occurrence determination application program of announcement information, make recognition effect more accurate.
In one embodiment of the invention, determination module 30 also specifically for: judge the frequency of occurrence of announcement information exceed threshold value and/or judgement meet pre-conditioned after, judge whether the stack name of announcement information exists in black stack list, and when existing in black stack list, judge whether the application name of announcement information exists in white signature list further, and when not existing in white signature list, determine that application program ejects malice advertisement.Wherein, black stack can comprise harmful content (such as ejecting, anti-government, obscene word etc.) the stack name of program stack that advertisement SDK is corresponding, white signature list can comprise without eject notification information application name, eject the application name etc. of normal announcement information.Thus, the accuracy rate of recognition result is further increased.
In one embodiment of the invention, determination module 30 also specifically for: after judging that the frequency of occurrence of announcement information exceedes threshold values, the content of announcement information is added in risk character string storehouse.Particularly, when judging that the frequency of occurrence of announcement information exceedes threshold values, the content of announcement information can be added in risk character string storehouse by determination module 30.Thus, the coverage rate of risk character string is expanded.
In one embodiment of the invention, determination module 30 also specifically for: the content of announcement information comprise malice word time, stack name corresponding for announcement information is added in black stack list.Particularly, judge in the content of the announcement information that application program is corresponding, whether to comprise malice word according to pre-conditioned, if comprise malice word, namely comprise harmful content, determination module 30 can determine that this application program ejects malice advertisement, and stack name corresponding for this announcement information is added in black stack list.Thus, expand black stack list, further increase recognition efficiency.
In another embodiment of the present invention, the stack name length being added into announcement information in black stack list corresponding need exceed preset length, and do not comprise specific character string in this stack name, such as, ijinshan, tencent etc., if the stack name that announcement information is corresponding comprises specific character string, then this stack name is not black stack, namely can not judge that corresponding application program ejects malice advertisement.Thus, ensure that the reliability of black stack list.
Fig. 5 is the structured flowchart of the recognition device of malice advertisement in mobile terminal in accordance with another embodiment of the present invention.As shown in Figure 5, in mobile terminal, the recognition device of malice advertisement comprises: acquisition module 10, monitoring module 20, determination module 30 and sending module 40.
Particularly, sending module 40 for when determining that application program ejects malice advertisement, by the malice ad-delivery of application program and/or correspondence to cloud server.More specifically, after determining that application program ejects malice advertisement, one or more in application program, corresponding malice advertisement, corresponding announcement information etc. can be sent to cloud server by network connection by sending module 40, obtain the application information that can eject malice advertisement to make cloud server.Wherein, network connection can be 2G, 3G, WiFi, WiMax etc.
According to the recognition device of malice advertisement in the mobile terminal of the embodiment of the present invention, by sending module after determining that application program ejects malice advertisement, one or more in application program, corresponding malice advertisement, corresponding announcement information etc. can be sent to cloud server, the application information that can eject malice advertisement is obtained to make cloud server, when user download and install this can eject malice advertisement application program time, cloud server can send reminder message with reminding user to the mobile terminal of correspondence, improves Consumer's Experience.
In order to realize above-described embodiment, the present invention also proposes a kind of mobile terminal.
A kind of mobile terminal, comprising: shell, processor and circuit board; Circuit board is placed in the interior volume that shell surrounds, and processor is arranged on circuit boards; Processor is used for:
Run application, and by monitoring mobile terminal informing to determine the announcement information that application program is corresponding, and according to the frequency of occurrence of announcement information and/or the content determination application program of announcement information whether eject malice advertisement.Wherein, mobile terminal can be the hardware device that mobile phone, panel computer, personal digital assistant, e-book etc. have various operating system, and can run application, also have the function that network connects, announcement information can comprise the md5 value, digital signature md5 value, title, bag name, stack name, the information content etc. of application program.
Particularly, malice advertisement can whether be ejected according to the content determination application program of the frequency of occurrence of announcement information and announcement information.Thus, the accuracy rate that recognition application can eject malice advertisement is provided.Be to be understood that, the content determination application program of the frequency of occurrence of announcement information or announcement information can also be selected whether to eject malice advertisement, wherein, whether eject malice advertisement according to the frequency of occurrence of announcement information and the content determination application program of announcement information to describe in detail in follow-up embodiment, whether ejecting malice advertisement according to the frequency of occurrence of announcement information or the content determination application program of announcement information can understand according to follow-up embodiment correspondence.
According to the mobile terminal of the embodiment of the present invention, by monitoring the informing of mobile terminal to determine the announcement information that application program is corresponding, and whether eject malice advertisement according to the frequency of occurrence of announcement information and/or the content determination application program of announcement information, the application program that can eject malice advertisement can be identified exactly, effectively compensate for the deficiency judging malice advertisement by extracting code characteristic matching technique, improve the recognition efficiency of malice advertisement.
In one embodiment of the invention, processor also specifically for: judge whether the frequency of occurrence of announcement information exceedes threshold values, and when the frequency of occurrence of announcement information exceedes threshold value, determine that application program ejects malice advertisement, and when the frequency of occurrence of announcement information does not exceed threshold value, judge whether the content of announcement information meets pre-conditioned further, and when meeting pre-conditioned, determine that application program ejects malice advertisement.Wherein, threshold values can for system default setting, also can be that mobile phone users oneself sets, such as, threshold values is 5, pre-conditionedly to comprise: the content of announcement information comprises malice word, announcement information can not be removed, announcement information does not have propelling movement source or announcement information content comprises risk character string etc., particularly, can judge whether the content of announcement information comprises malice word according to malice dictionary, whether can remove according to the mark of announcement information or this announcement information of determined property, judge whether this announcement information has propelling movement source according to whether comprising corresponding application name in the content of announcement information, judge whether the content of announcement information comprises risk character string according to risk character string, malice word can comprise the word of harmful content, such as, anti-government, obscene word etc., risk character string can be frequent eject notification information and the content of announcement information comprises malice word, filter out and download, the character string obtained after the normal character string such as successful installation.Thus, improve the accuracy rate of recognition result.
In order to make recognition result more accurate, need judge whether announcement information has and push source, in one embodiment of the invention, processor also specifically for: obtain the content information of announcement information, and obtain the character of predetermined number in content information, and judge the title whether comprising corresponding application program in the character of predetermined number further, and when not comprising the title of corresponding application program, determining that announcement information does not have and pushing source.Such as, predetermined number is 120,120 characters are obtained from content information, judge the title whether comprising corresponding application program in these 120 characters, if do not comprised, then processor can be determined that corresponding announcement information does not have and pushes source, thus the application program determining not have the announcement information that pushes source corresponding can eject malice advertisement, makes recognition result more accurate.
In one embodiment of the invention, processor also specifically for: before judging whether the frequency of occurrence of announcement information exceedes threshold values, white character string whether is comprised in detection notice information, and when comprising white character string, do not record corresponding announcement information, and when not comprising white character string, judge whether the content-length of announcement information is 0 further, and when content-length is not 0, the frequency of occurrence of announcement information application program ejected increases by 1.Wherein, white character string can be the character string in the content of normal system announcement information, such as, downloads, successful installation etc.
Particularly, if when the content-length of announcement information is 0, then do not record corresponding announcement information, namely the Word message in informing is not got, now announcement information may be picture etc., if when the content-length of announcement information is not 0, then the frequency of occurrence of announcement information corresponding for application program is increased by 1.Thus, the frequency of occurrence of announcement information can be obtained, whether to eject malice advertisement according to the frequency of occurrence determination application program of announcement information, make recognition effect more accurate.
In one embodiment of the invention, processor also specifically for: judge the frequency of occurrence of announcement information exceed threshold value and/or judgement meet pre-conditioned after, judge whether the stack name of announcement information exists in black stack list, and when existing in black stack list, judge whether the application name of announcement information exists in white signature list further, and when not existing in white signature list, determine that application program ejects malice advertisement.Wherein, black stack can comprise harmful content (such as ejecting, anti-government, obscene word etc.) the stack name of program stack that advertisement SDK is corresponding, white signature list can comprise without eject notification information application name, eject the application name etc. of normal announcement information.Thus, the accuracy rate of recognition result is further increased.
In one embodiment of the invention, processor also specifically for: after judging that the frequency of occurrence of announcement information exceedes threshold values, the content of announcement information is added in risk character string storehouse.Particularly, when judging that the frequency of occurrence of announcement information exceedes threshold values, the content of announcement information can be added in risk character string storehouse.Thus, the coverage rate of risk character string is expanded.
In one embodiment of the invention, processor also specifically for: the content of announcement information comprise malice word time, stack name corresponding for announcement information is added in black stack list.Particularly, judge in the content of the announcement information that application program is corresponding, whether to comprise malice word according to pre-conditioned, if comprise malice word, namely comprise harmful content, processor can determine that this application program ejects malice advertisement, and stack name corresponding for this announcement information is added in black stack list.Thus, expand black stack list, further increase recognition efficiency.
In another embodiment of the present invention, the stack name length being added into announcement information in black stack list corresponding need exceed preset length, and do not comprise specific character string in this stack name, such as, ijinshan, tencent etc., if the stack name that announcement information is corresponding comprises specific character string, then this stack name is not black stack, namely can not judge that corresponding application program ejects malice advertisement.Thus, ensure that the reliability of black stack list.
In one embodiment of the invention, processor also specifically for: when determining that application program ejects malice advertisement, by the malice ad-delivery of application program and/or correspondence to cloud server.Particularly, after determining that application program ejects malice advertisement, one or more in application program, corresponding malice advertisement, corresponding announcement information etc. can be sent to cloud server by network connection by processor, obtain the application information that can eject malice advertisement to make cloud server.Wherein, network connection can be 2G, 3G, WiFi, WiMax etc.Thus, when user download and install this can eject malice advertisement application program time, cloud server can to correspondence mobile terminal send reminder message with reminding user, improve Consumer's Experience.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple step or method can with to store in memory and the software performed by suitable instruction execution system or firmware realize.Such as, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: the discrete logic with the logic gates for realizing logic function to data-signal, there is the special IC of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
In the description of this instructions, specific features, structure, material or feature that the description of reference term " embodiment ", " some embodiments ", " example ", " concrete example " or " some examples " etc. means to describe in conjunction with this embodiment or example are contained at least one embodiment of the present invention or example.In this manual, identical embodiment or example are not necessarily referred to the schematic representation of above-mentioned term.And the specific features of description, structure, material or feature can combine in an appropriate manner in any one or more embodiment or example.
In each embodiment of the method for the present invention; the sequence number of described each step can not be used for the sequencing limiting each step; for those of ordinary skill in the art, under the prerequisite not paying creative work, the priority of each step is changed also within protection scope of the present invention.
Although illustrate and describe embodiments of the invention, those having ordinary skill in the art will appreciate that: can carry out multiple change, amendment, replacement and modification to these embodiments when not departing from principle of the present invention and aim, scope of the present invention is by claim and equivalents thereof.

Claims (27)

1. a recognition methods for malice advertisement in mobile terminal, is characterized in that, comprising:
Obtain the application program run in mobile terminal;
Monitor the informing of described mobile terminal to determine the announcement information that described application program is corresponding; And
Determine whether described application program ejects malice advertisement according to the frequency of occurrence of described announcement information and/or the content of described announcement information.
2. the method for claim 1, is characterized in that, the content of the described frequency of occurrence according to described announcement information and described announcement information determines whether described application program ejects malice advertisement, specifically comprises:
Judge whether the frequency of occurrence of described announcement information exceedes threshold value;
If the frequency of occurrence of described announcement information exceedes threshold value, then determine that described application program ejects malice advertisement;
If the frequency of occurrence of described announcement information does not exceed threshold value, then judge whether the content of described announcement information meets pre-conditioned further; And
If meet pre-conditioned, then determine that described application program ejects malice advertisement.
3. method as claimed in claim 2, is characterized in that, judge the frequency of occurrence of described announcement information exceed threshold value and/or judgement meet pre-conditioned after also comprise:
Judge whether the stack name of described announcement information exists in black stack list;
If exist in black stack list, then judge whether the application name of described announcement information exists in white signature list further; And
If there is no sign in list in vain, then determine that described application program ejects malice advertisement.
4. method as claimed in claim 2, is characterized in that, judge the frequency of occurrence of described announcement information also comprises before whether exceeding threshold value described:
Detect in described announcement information and whether comprise white character string;
If comprise white character string, then do not record corresponding described announcement information;
If do not comprise white character string, then judge whether the content-length of described announcement information is 0 further; And
If content-length is not 0, then the frequency of occurrence of the announcement information described application program ejected increases by 1.
5. the method as described in any one of claim 2-4, it is characterized in that, describedly pre-conditionedly to comprise: the content of described announcement information comprises malice word, described announcement information can not be removed, described announcement information does not have the content pushing source or described announcement information and comprises risk character string.
6. method as claimed in claim 5, is characterized in that, also comprise after the frequency of occurrence of the described announcement information of described judgement exceedes threshold value:
The content of described announcement information is added in risk character string storehouse.
7. method as claimed in claim 5, is characterized in that, also comprise:
If the content of described announcement information comprises described malice word, then stack name corresponding for described announcement information is added in described black stack list.
8. method as claimed in claim 5, is characterized in that, determines that described announcement information does not have push source according to following steps:
Obtain the content information of described announcement information;
Obtain the character of predetermined number in described content information;
Judge the title whether comprising corresponding described application program in the character of described predetermined number; And
If do not comprised, then determine that described announcement information does not have described propelling movement source.
9. the method as described in any one of claim 1-8, is characterized in that, also comprises:
If determine that described application program ejects malice advertisement, then by the described malice ad-delivery of described application program and/or correspondence to cloud server.
10. a recognition device for malice advertisement in mobile terminal, is characterized in that, comprising:
Acquisition module, for obtaining the application program run in mobile terminal;
Monitoring module, for monitoring the informing of described mobile terminal to determine the announcement information that described application program is corresponding; And
Determination module, for determining according to the frequency of occurrence of described announcement information and/or the content of described announcement information whether described application program ejects malice advertisement.
11. devices as claimed in claim 10, it is characterized in that, described determination module specifically for: judge whether the frequency of occurrence of described announcement information exceedes threshold value, and when the frequency of occurrence of described announcement information exceedes threshold value, determine that described application program ejects malice advertisement, and when the frequency of occurrence of described announcement information does not exceed threshold values, judge whether the content of described announcement information meets pre-conditioned further, and meet pre-conditioned in the content of described announcement information, determine that described application program ejects malice advertisement.
12. devices as claimed in claim 11, it is characterized in that, described determination module also specifically for: judge the frequency of occurrence of described announcement information exceed threshold value and/or judgement meet pre-conditioned after, judge whether the stack name of described announcement information exists in black stack list, and when existing in black stack list, judge whether the application name of described announcement information exists in white signature list further, and when not existing in white signature list, determine that described application program ejects malice advertisement.
13. devices as claimed in claim 11, it is characterized in that, described determination module also specifically for: before judging whether the frequency of occurrence of described announcement information exceedes threshold values, detect in described announcement information and whether comprise white character string, and when comprising white character string, do not record corresponding described announcement information, and when not comprising white character string, whether the further content-length judging described announcement information is 0, and when content-length is not 0, the frequency of occurrence of the announcement information described application program ejected increases by 1.
14. devices as described in any one of claim 11-13, it is characterized in that, describedly pre-conditionedly to comprise: the content of described announcement information comprises malice word, described announcement information can not be removed, described announcement information does not have the content pushing source or described announcement information and comprises risk character string.
15. devices as claimed in claim 14, is characterized in that, described determination module also specifically for: after judging that the frequency of occurrence of described announcement information exceedes threshold values, the content of described announcement information is added in risk character string storehouse.
16. devices as claimed in claim 14, is characterized in that, described determination module also specifically for: when the content of described announcement information comprises described malice word, stack name corresponding for described announcement information is added in described black stack list.
17. devices as claimed in claim 14, it is characterized in that, described determination module is also specifically for the content information that obtains described announcement information, and obtain the character of predetermined number in described content information, and judge the title whether comprising corresponding described application program in the character of described predetermined number further, and when not comprising the title of corresponding described application program, determine that described announcement information does not have described propelling movement source.
18. devices as described in any one of claim 10-17, is characterized in that, also comprise:
Sending module, for when determining that described application program ejects malice advertisement, by the described malice ad-delivery of described application program and/or correspondence to cloud server.
19. 1 kinds of mobile terminals, is characterized in that, comprising: shell, processor and circuit board;
Described circuit board is placed in the interior volume that described shell surrounds, and described processor is arranged on described circuit board;
Described processor is used for:
Run application;
By monitoring the informing of described mobile terminal to determine the announcement information that described application program is corresponding; And
Determine whether described application program ejects malice advertisement according to the frequency of occurrence of described announcement information and/or the content of described announcement information.
20. mobile terminals as claimed in claim 19, it is characterized in that, described processor also specifically for: judge whether the frequency of occurrence of described announcement information exceedes threshold values, and when the frequency of occurrence of described announcement information exceedes threshold value, determine that described application program ejects malice advertisement, and when the frequency of occurrence of described announcement information does not exceed threshold value, judge whether the content of described announcement information meets pre-conditioned further, and meet pre-conditioned, determine described application program eject malice advertisement.
21. mobile terminals as claimed in claim 20, it is characterized in that, described processor also specifically for: judge the frequency of occurrence of described announcement information exceed threshold value and/or judgement meet pre-conditioned after, judge whether the stack name of described announcement information exists in black stack list, and when existing in black stack list, judge whether the application name of described announcement information exists in white signature list further, and when not existing in white signature list, determine that described application program ejects malice advertisement.
22. mobile terminals as claimed in claim 20, it is characterized in that, described processor also specifically for: before judging whether the frequency of occurrence of described announcement information exceedes threshold values, detect in described announcement information and whether comprise white character string, and when comprising white character string, do not record corresponding described announcement information, and when not comprising white character string, whether the further content-length judging described announcement information is 0, and when content-length is not 0, the frequency of occurrence of the announcement information described application program ejected increases by 1.
23. mobile terminals as described in claim 20-22, it is characterized in that, describedly pre-conditionedly to comprise: the content of described announcement information comprises malice word, described announcement information can not be removed, described announcement information does not have the content pushing source or described announcement information and comprises risk character string.
24. mobile terminals as claimed in claim 23, is characterized in that, described processor also specifically for: after judging that the frequency of occurrence of described announcement information exceedes threshold values, the content of described announcement information is added in risk character string storehouse.
25. mobile terminals as claimed in claim 23, is characterized in that, described processor also specifically for: when the content of described announcement information comprises described malice word, stack name corresponding for described announcement information is added in described black stack list.
26. mobile terminals as claimed in claim 23, it is characterized in that, described processor is also specifically for the content information that obtains described announcement information, and obtain the character of predetermined number in described content information, and judge the title whether comprising corresponding described application program in the character of described predetermined number further, and when not comprising the title of corresponding described application program, determine that described announcement information does not have described propelling movement source.
27. mobile terminals as described in claim 19-26, is characterized in that, described processor also for: when determining that described application program ejects malice advertisement, by the described malice ad-delivery of described application program and/or correspondence to cloud server.
CN201310329831.9A 2013-07-31 2013-07-31 Method and device for identifying malicious advertisements in mobile terminal and mobile terminal Active CN104346569B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310329831.9A CN104346569B (en) 2013-07-31 2013-07-31 Method and device for identifying malicious advertisements in mobile terminal and mobile terminal
PCT/CN2014/083450 WO2015014299A1 (en) 2013-07-31 2014-07-31 Method, device and mobile terminal for identifying malicious advertisements in mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310329831.9A CN104346569B (en) 2013-07-31 2013-07-31 Method and device for identifying malicious advertisements in mobile terminal and mobile terminal

Publications (2)

Publication Number Publication Date
CN104346569A true CN104346569A (en) 2015-02-11
CN104346569B CN104346569B (en) 2019-02-22

Family

ID=52431016

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310329831.9A Active CN104346569B (en) 2013-07-31 2013-07-31 Method and device for identifying malicious advertisements in mobile terminal and mobile terminal

Country Status (2)

Country Link
CN (1) CN104346569B (en)
WO (1) WO2015014299A1 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104615491A (en) * 2015-02-13 2015-05-13 联想(北京)有限公司 Information processing method and electronic equipment
CN104994080A (en) * 2015-06-12 2015-10-21 联想(北京)有限公司 Information processing method, system and electronic equipment
CN105354492A (en) * 2015-10-16 2016-02-24 珠海格力电器股份有限公司 Mobile communication terminal, message notification control method and device thereof
CN106776610A (en) * 2015-11-19 2017-05-31 珠海市君天电子科技有限公司 Advertisement popup intercepting method and device
CN107046516A (en) * 2016-02-05 2017-08-15 上海行邑信息科技有限公司 A kind of air control control method and device for recognizing mobile terminal identity
CN107562474A (en) * 2017-08-29 2018-01-09 努比亚技术有限公司 Interface filter method, terminal and the computer-readable recording medium of a kind of application program
US10467408B1 (en) 2019-03-19 2019-11-05 Five Media Marketing Limited Automatic security scanning of advertisements during runtime of software applications
US10678923B1 (en) 2019-07-10 2020-06-09 Five Media Marketing Limited Security management of advertisements at online advertising networks and online advertising exchanges
CN111597554A (en) * 2020-05-07 2020-08-28 上海二三四五网络科技有限公司 Control method and device for detecting suspicious software based on browser
US11128644B2 (en) 2019-03-19 2021-09-21 Five Media Marketing Limited Automatic security scanning of advertisements during runtime of software applications
WO2022062769A1 (en) * 2020-09-22 2022-03-31 中兴通讯股份有限公司 Notification processing method, terminal device, and storage medium
CN115640576A (en) * 2022-12-13 2023-01-24 荣耀终端有限公司 Malicious application identification method, terminal device and readable storage medium
CN116709339A (en) * 2022-10-09 2023-09-05 荣耀终端有限公司 Detection method of application notification message and electronic equipment

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10567430B2 (en) 2016-12-09 2020-02-18 International Business Machines Corporation Protecting against notification based phishing attacks

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102395128A (en) * 2011-06-30 2012-03-28 北京邮电大学 Malicious information transmission preventing method and system of mobile intelligent terminal
US20120159620A1 (en) * 2010-12-21 2012-06-21 Microsoft Corporation Scareware Detection
CN102801855A (en) * 2012-07-19 2012-11-28 广东欧珀移动通信有限公司 Method for rapidly cleaning and shielding junk notice
US8356352B1 (en) * 2008-06-16 2013-01-15 Symantec Corporation Security scanner for user-generated web content
CN103020528A (en) * 2012-12-24 2013-04-03 珠海市君天电子科技有限公司 Display method and display device for malicious acts of applications
CN103065090A (en) * 2012-12-20 2013-04-24 广东欧珀移动通信有限公司 Method and device for intercepting malicious advertisements of application program
CN103116722A (en) * 2013-02-06 2013-05-22 北京奇虎科技有限公司 Processing method, processing device and processing system of notification board information

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8356352B1 (en) * 2008-06-16 2013-01-15 Symantec Corporation Security scanner for user-generated web content
US20120159620A1 (en) * 2010-12-21 2012-06-21 Microsoft Corporation Scareware Detection
CN102395128A (en) * 2011-06-30 2012-03-28 北京邮电大学 Malicious information transmission preventing method and system of mobile intelligent terminal
CN102801855A (en) * 2012-07-19 2012-11-28 广东欧珀移动通信有限公司 Method for rapidly cleaning and shielding junk notice
CN103065090A (en) * 2012-12-20 2013-04-24 广东欧珀移动通信有限公司 Method and device for intercepting malicious advertisements of application program
CN103020528A (en) * 2012-12-24 2013-04-03 珠海市君天电子科技有限公司 Display method and display device for malicious acts of applications
CN103116722A (en) * 2013-02-06 2013-05-22 北京奇虎科技有限公司 Processing method, processing device and processing system of notification board information

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104615491B (en) * 2015-02-13 2018-04-27 联想(北京)有限公司 A kind of message treatment method and electronic equipment
CN104615491A (en) * 2015-02-13 2015-05-13 联想(北京)有限公司 Information processing method and electronic equipment
CN104994080A (en) * 2015-06-12 2015-10-21 联想(北京)有限公司 Information processing method, system and electronic equipment
CN105354492A (en) * 2015-10-16 2016-02-24 珠海格力电器股份有限公司 Mobile communication terminal, message notification control method and device thereof
CN105354492B (en) * 2015-10-16 2018-07-17 珠海格力电器股份有限公司 Communication terminal and its message informing control method and device
CN106776610B (en) * 2015-11-19 2020-04-17 珠海豹趣科技有限公司 Advertisement popup intercepting method and device
CN106776610A (en) * 2015-11-19 2017-05-31 珠海市君天电子科技有限公司 Advertisement popup intercepting method and device
CN107046516A (en) * 2016-02-05 2017-08-15 上海行邑信息科技有限公司 A kind of air control control method and device for recognizing mobile terminal identity
CN107046516B (en) * 2016-02-05 2020-04-14 上海行邑信息科技有限公司 Wind control method and device for identifying mobile terminal identity
CN107562474A (en) * 2017-08-29 2018-01-09 努比亚技术有限公司 Interface filter method, terminal and the computer-readable recording medium of a kind of application program
US10467408B1 (en) 2019-03-19 2019-11-05 Five Media Marketing Limited Automatic security scanning of advertisements during runtime of software applications
US11128644B2 (en) 2019-03-19 2021-09-21 Five Media Marketing Limited Automatic security scanning of advertisements during runtime of software applications
US10678923B1 (en) 2019-07-10 2020-06-09 Five Media Marketing Limited Security management of advertisements at online advertising networks and online advertising exchanges
US11762997B2 (en) 2019-07-10 2023-09-19 Five Media Marketing Limited Security management of advertisements at online advertising networks and online advertising exchanges
CN111597554A (en) * 2020-05-07 2020-08-28 上海二三四五网络科技有限公司 Control method and device for detecting suspicious software based on browser
WO2022062769A1 (en) * 2020-09-22 2022-03-31 中兴通讯股份有限公司 Notification processing method, terminal device, and storage medium
CN116709339A (en) * 2022-10-09 2023-09-05 荣耀终端有限公司 Detection method of application notification message and electronic equipment
CN115640576A (en) * 2022-12-13 2023-01-24 荣耀终端有限公司 Malicious application identification method, terminal device and readable storage medium

Also Published As

Publication number Publication date
WO2015014299A1 (en) 2015-02-05
CN104346569B (en) 2019-02-22

Similar Documents

Publication Publication Date Title
CN104346569A (en) Method and device for identifying malicious advertisements in mobile terminal and mobile terminal
CN109347827B (en) Method, device, equipment and storage medium for predicting network attack behavior
CN103425926B (en) The method of application program launching method, configured list, terminal and server
CN110830986B (en) Method, device, equipment and storage medium for detecting abnormal behavior of Internet of things card
CN105988836B (en) Application recommendation method and device
CN104135424B (en) A kind of application message method for pushing, server, terminal and system
CN103984468A (en) Method and device for information processing
CN106790727B (en) Information push method and device
CN106550089B (en) Verification code processing method, client and user terminal
CN103473346A (en) Android re-packed application detection method based on application programming interface
CN103595774A (en) System application uninstalling method and device with terminal based on server side
CN103839005A (en) Malware detection method and malware detection system of mobile operating system
CN105988805B (en) Application program management method and mobile terminal
CN106022101B (en) application management method and terminal
CN104751051A (en) Method, device and mobile terminal for identifying malicious advertisements
CN105530130A (en) Method and device for upgrading Over-The-Air downloading technology
US20200183789A1 (en) Installation file processing method and device, and server
EP3780700B1 (en) Power consumption anomaly prompting method, server, and terminal
CN105094278B (en) A kind of information processing method and device
KR20180079434A (en) Virus database acquisition methods and devices, equipment, servers and systems
CN105446987A (en) Picture garbage file identification method and device and electronic equipment
CN107329763B (en) Application program interface display method and device, electronic equipment and storage medium
CN103020528A (en) Display method and display device for malicious acts of applications
CN115344315B (en) Skin switching method and device of applet page and electronic equipment
CN103902906A (en) Mobile terminal malicious code detecting method and system based on application icon

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 100041 A-0071 2, 3 building, 30 Shixing street, Shijingshan District, Beijing.

Applicant after: Beijing Cheetah Mobile Technology Co.,Ltd.

Applicant after: Beijing Cheetah Network Technology Co.,Ltd.

Applicant after: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

Applicant after: ZHUHAI JUNTIAN ELECTRONIC TECHNOLOGY Co.,Ltd.

Applicant after: CONEW NETWORK TECHNOLOGY (BEIJING) Co.,Ltd.

Address before: 100041 room 3, 3 West well road, Badachu hi tech park, Shijingshan District, Beijing, 1100A

Applicant before: SHELL INTERNET (BEIJING) SECURITY TECHNOLOGY Co.,Ltd.

Applicant before: BEIJING KINGSOFT NETWORK TECHNOLOGY Co.,Ltd.

Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

Applicant before: ZHUHAI JUNTIAN ELECTRONIC TECHNOLOGY Co.,Ltd.

Applicant before: CONEW NETWORK TECHNOLOGY (BEIJING) Co.,Ltd.

GR01 Patent grant
GR01 Patent grant