CN110071924A - Big data analysis method and system based on terminal - Google Patents
Big data analysis method and system based on terminal Download PDFInfo
- Publication number
- CN110071924A CN110071924A CN201910336086.8A CN201910336086A CN110071924A CN 110071924 A CN110071924 A CN 110071924A CN 201910336086 A CN201910336086 A CN 201910336086A CN 110071924 A CN110071924 A CN 110071924A
- Authority
- CN
- China
- Prior art keywords
- terminal
- application program
- information
- big data
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
- H04W8/245—Transfer of terminal data from a network towards a terminal
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A kind of big data analysis method and system based on terminal, search for application carry out confirmation whether malice;Whether determination reattempts to or downloads;Downloading installation application program, carries out security credential;It determines and retains or unload application program;Administration authority when operation, access sensitivity or private data.This method and system can utilize big data and information security technology, carry out safety detection to application program in erection stage, and the application program harmful to terminal intercepts, and confirms to its source and blocks;For application program to the legally or illegally access problem of user privacy information, the privacy information of terminal is encrypted, for Lawful access, privacy information reading is carried out by reasonable management and ensures to read not past default access, for unauthorized access, it blocks setting to avoid unreasonable access of the application program to privacy program by time setting or permission, guarantees the safety of application program downloading at the terminal, operation and data access.
Description
Technical field
The present invention relates to electric data processing fields, and more specifically, are related to a kind of big data analysis based on terminal
Method and system.
Background technique
With the rapid development of information technology, intelligent mobile terminal and high-speed mobile network provided for user it is rich and varied
Information and resource, and user is needed while being worked, being lived using these information technologies, entertained, link up via net
Network downloads a large amount of application program (APP), whereby can via network by needed for oneself resource or information present, download, deposit
It stores up in intelligent mobile terminal, to facilitate the work and life of user.Have in intelligent mobile terminal application market now big
The application of the bright characteristic, user experience close friend of amount, they greatly improve user experience.
However, technology is also a double-edged sword, while bringing benefit, also cause a series of safety problems.For example, net
Network gradually becomes the approach of rogue program propagation.After the program therefrom downloaded stores or is installed to local terminal operation, some meetings
File in malicious modification local terminal, some will cause systemic breakdown or operation is slack-off.For another example under application program
It carries, the risk that installation and operation brings individual privacy to reveal, the individual privacy includes the personal identification of user, user's finance account
Family and financial information, Behavior preference, health condition, the personal informations such as social status, social record.The privacy of user of Apple Inc.
Leakage event reflect the said firm once privately record user every time using position APP when location information and upload to back-end data
Among library, a large amount of privacy of user is caused to reveal.It is a large amount of and diversified and in the specific data to single user is excavated
Information intersection finally can accurately depict the profile of the user, such as personal age, economic situation, consumer behavior and grade,
Social status, social circle etc., and then expedite the emergence of out some new privacy risks urgently to be resolved and ethics safety problem.Therefore it needs
Detection and killing are carried out to the application program of installation, however detection in the prior art and killing have the following problems.
For the killing of malicious application, after usually detecting rogue program, rogue program is deleted, to avoid malice
Program executes malicious act, but can not trace the source of rogue program, thus can not carry out to the source of rogue program thorough
Its source is broken off in killing.Moreover, including static analysis and two kinds of dynamic analysis for the analysis of malicious application.Static state point
Analyse information that is simple and quick, but needing to know known malicious application program before scanning, such as signature, behavior pattern, authority application
Deng.Application program is run in a closed environment and is monitored by dynamic analysis, analyzes the behavioural characteristic of application program, such as file permission
Change, process and thread operating condition, system call situation, network access situation etc..But either static analysis is still moved
State analysis, analytic process require the application information for being stored in advance and recording, and analysis efficiency is not ideal enough, and
Update and comparison and accuracy rate depend on the application information for being stored in advance and recording;To be objective, which lacks
The analysis of few big data.In addition, the application of malice newly installed often attempts to access that the privacy information of user;In spite of answer
Lawful authority is had to the Lawful access of the privacy information of such as incoming short message SMS of user etc with program, but it is existing
Technology, which lacks, carries out effective file protection to its airborne existing subscriber's privacy, also lacks the reasonable of the access for privacy information
Management.
Summary of the invention
An object of the present invention is to provide a kind of big data analysis method and system based on terminal, can be using greatly
Data and information security technology carry out safety detection, and the application harmful to terminal to application program in erection stage
Program is intercepted, and its source is confirmed and blocked;And for application program for user privacy information in terminal
Legally or illegally access problem, the privacy information of terminal is encrypted in the present invention, for Lawful access, passes through conjunction
Reason manages and carries out privacy information reading and ensure to read to set not past default access, and for unauthorized access by the time
It sets or permission blocks the unreasonable access for being arranged and avoiding application program to privacy program.By means of the present invention and it is
System can realize the safety of system based on big data and rights management, and finally guarantee application program downloading at the terminal,
The safety of operation and data access.
A kind of technical solution that the present invention takes to solve above-mentioned technical problem are as follows: big data analysis side based on terminal
Method, comprising: application program needed for terminal searching simultaneously sends it to confirmation whether determining server carries out malice;Terminal base
It is whether the malice that determining server is obtained according to big data to reattempt to other resource downloadings or user's selection as a result, determining
Whether download or directly download the application program: terminal downloads install the application program and extract information, are sent to judgement service
Device carries out security credential;Security credential of the terminal based on determining server, determination retain the application program also in the terminal
It is to unload the application program;And terminal determines after retaining the application program, in the operation of subsequent applications program, access terminal
Rights management is carried out when sensitive or private data to be enabled or be forbidden.
In one embodiment, this method further includes steps of step S1, and terminal is via wireless network search institute
The application program needed, and obtain the title and/or IP information of the Resource Server containing application program;Step S2, terminal should
The title and/or IP information of Resource Server are sent to confirmation whether determining server carries out malice;Step S3, terminal according to
The result whether malice that determining server is confirmed based on big data executes respective operations: blocking if malice and takes with the resource
The communication link of business device simultaneously continues to attempt to the other Resource Servers obtained in step S1 and sequentially carries out step S2 and S3, until
Determining server confirmation non-malicious or number of attempt reach user preset number;It is chosen whether down if non-malicious by user
Carry or directly download the application program;Step S4, terminal installs the application program and extracts its information after downloading, applies journey to this
Sequence carries out signature processing, and sends determining server for the information of extraction and carry out security credential;Step S5, terminal is according to sentencing
Server, which is determined, based on the security credential of big data still unloads this using journey as a result, determining and retaining the application program in the terminal
Sequence;When retaining the application program, distinctive permission is assigned to the application program, and when unloaded by the information of the application program
Determining server is sent to update for big data analysis, judgement and the database of confirmation;Step S6, when the application program exists
When being executed in terminal, obtains its operating parameter and analyzed;Step S7, the result based on analysis further determine that in the terminal
Retain the application program and still unload the application program, and sends determining server for the information of the application program to update use
In big data analysis, judgement and the database of confirmation;Step S8, the privacy of user number in application requests access terminal
According to when, terminal confirms its access authority according to authority configuration table, and executes respective operations;Step S9, when terminal have it is new instant
When communication message is incoming and the application requests access, terminal is enabled to the access of the application program based on access setting
Or forbid.
In one embodiment, step S1 further comprises: the browser directly installed via terminal it is expected by input
Application program title, scanned for by search engine;Or in current non-browser application, pass through user's finger
There is the option of selection text, all or part of name that user passes through selection and highlighted application program on the screen in long-pressing screen
Claim, and click the search button occurred on screen after selected, one or more browsings occurs and clicking the search button
The selection icon of device is for selection, scans for after selecting corresponding browser icon;Or it is answered in current non-browser
In, by selecting the search icon in non-browser application, occurs input frame on the screen, pass through and input desired application
After program name, third party's browser which applied or called directly default scans for or occurs one
Or the selection icon of multiple browsers is for selection and scan for after selecting corresponding browser icon;Or embedded
Have the instant messaging of browser apply in or occur selecting the choosing of text by user's finger long-pressing screen and on the screen
, and selecting and highlighting all or part of title of application program and clicking the search button occurred on screen after selected
Call insertion browser scan for or by select the non-browser apply in search icon and occur on the screen
Input frame calls the browser of insertion to scan for by inputting desired application name.It is searched via wireless network
After the application program of Suo Suoxu, according to result obtain for identify the Resource Server containing application program title and/or
IP address.
In one embodiment, step S2 further comprises: terminal selects the title and/or IP information of the Resource Server
Any one of or both, and it is packaged in packet to be transmitted with fixed packet transformat, and the header of packet is arranged
For request attribute, any one of title and/or IP information in packet to be transmitted or both pass through fixed end later
Symbol terminates, and in order to determining server identification, determining server is sent by Radio Link for the packet later, for being disliked
Confirmation whether meaning.
In one embodiment, step S3 further comprises: determining server is internally provided with for big data analysis, really
The database recognized and determined, the database purchase have the security attribute information of the application program for terminal, including malice, safety
With it is undetermined, which is updated as time goes by, update mode pass through user upload, information centre
Any one of the modes such as notice and carry out;Determining server receives the packet of terminal transmission, and regular based on preset fractionation packet,
Any one of title and/or IP information of the Resource Server in packet or both is extracted, and is entered into internal setting
Database, will when having the occurrence for meeting safety or malice and being confirmed to be without matching to timing to carry out information matches
The result of the clear and undetermined security attribute information is packaged, and is sent to terminal via Radio Link;Terminal receives the packet
And packet is split, and security attribute information therein is extracted, if it is the communication link maliciously then blocked with the Resource Server, and after
Continue the other Resource Servers for attempting to obtain in step S1 and sequentially carry out step S2 and S3, until determining server confirms non-evil
Meaning or number of attempt reach user preset number;It is then chosen whether to download the application program by user if it is safety: if
It is that safety is then chosen whether to download or directly download the application program by user, wherein then directly downloading the application if it is safety
Program, and if it is being chosen whether to download the application program by user to rule, subsequent step is carried out if downloading, if not downloading
Then determine that directly exiting this method still continues to attempt to the other Resource Servers obtained in step S1 and sequentially carry out step S2
With S3 until determining server confirmation meets the desired security attribute of user or number of attempt reaches user preset number.
In one embodiment, step S4 further comprises: terminal installs the application program and extracts its letter after downloading
Breath carries out signature processing to the application program, and sends the step that determining server carries out security credential for the information of extraction
In rapid, terminal therein during the application program is installed, change the file suffixes name of application program to be decompressed and
Obtain including by compiling and the first file for being packed into of tool, obtain transformation tool will include item name
Category file copies the first directory location to, is generated in application program at the first directory location by class switch order
Packet data;Library function by traversing packet data obtains the function transferred, and the behavioural information of the function by transferring is true
Its fixed behavior property, wherein behavior information includes access behavioural information, creation process behavior information, operation process behavior letter
The identifier of other application program and the behavioural information of permission, installation behavior letter are transferred in breath, Registry behavioural information, application
Breath, compression are packaged behavioural information and mobile data transfer behavioural information, and whether behavior property includes malice;According to behavior property
Determine the behavior execution route of function transferred, which recorded, a part of the information as extraction, with
Determining server is uploaded in subsequent step, by by some or all of the execution route in determining server based on word
The path big data of section code is analyzed, and then carries out security credential.Wherein terminal carries out signature processing to the application program
During, based on the application program after decompression, obtain All Files in application program;The file of first kind safety is breathed out
Uncommon algorithm calculates summary info, and encodes to the summary info, and encoded radio deposit is different from the of the first kind later
In first file of two types, and the summary info in the first file of Second Type and private key information life will be previously stored in
At one group of signing messages and the first position that is stored in second files different from the first file of Second Type, by A.L.S.
Breath and public key are stored in the second position in the second file, and wherein the first kind and Second Type are related to the text of different directories type
Part.
In one embodiment, in above-mentioned steps S4, extracting information further comprises extracting the other parts of information,
That is: it by the file of the entitled compressed package form of file renamed as suffix of application program and decompresses, and then obtains first and match
File is set, the first configuration file is converted into operable text formatting using the first open source software;The second open source will be used soft
Binary sound code file in the result of part decompiling decompression;Using third open source software restore binary sound code file with
Obtain the source code of the file of the application program;The source code of file based on application program is swept source code using matching algorithm
It retouches, and designated key word is counted, obtain quantity and corresponding position of the specified each keyword in class file and make
It is stored with matrix, the similarity distance between every two keyword is calculated based on distance algorithm;Based on similarity distance to keyword point
Class, and using each keyword in matrix as root node, the high keyword of similarity between each node is aggregated in one
It rises, is compared with the matrix of the position at the place of storage, remove different classes of keyword, and then classified and stored;It will be in terminal
The feature of the security application stored in property data base and the feature of classified and stored compare, and remove the application program
The security feature for including in feature to avoid increase information processing capacity and increase message processing time and power consumption and waste terminal
Limited process resource;Using classified and stored and the data of feature are removed as the other parts for the information extracted, with other information
It is sent to determining server together and carries out security credential.
In one embodiment, step S5 further comprises: terminal receives safety of the determining server based on big data
Authentication result, and further determined whether based on the result maliciously, the application program to be unloaded when for malice, when to be safe
Retain the application program in the terminal, and works as and show user for user on a display screen indicating risk information to timing
Solution security attribute simultaneously selects unloading or retains;When retaining the application program, permission, the permission packet are assigned to the application program
Storage permission, permission of taking pictures are included, permission, reading and the transmission of permission, recording permission, calling end sensor that microphone uses
Short message permission makes a phone call permission, the permission of SIM card number of identification terminal installation, the permission for reading address list, reading use
The permission of family exercise data, unlatching mobile operator communication network connection permission, unlatching Wireless Fidelity connection permission, reading are other
The permission of application program, read instant message applications communications records permission, assign permission include assign enable permission or
Assign disabling permission;When determining unloading, determining server is sent to update determining server by the information of the application program
In be used for big data analysis, judgement and the database of confirmation.
In one embodiment, it in step S6, when the application program executes at the terminal, obtains its operating parameter and goes forward side by side
Row analysis, including: executing application obtains the behavioral parameters in its operational process, and behavior parameter includes system
API, the variation of file permission, process and thread operation data, call data, network access request data, transmission network number
According to by behavior reference record in journal file;The transplantable creation operation for executing file in application program is monitored, is determined
It creates main body, and transplantable execution file is established in terminal memory with it and creates intersubjective corresponding relationship;Use mould
Quasi- tool voluntarily runs and simulates the operation operation of terminal user, to obtain journal file record and network data packets file note
Record;In simulation tool end of run, and network link open connect and as time goes by and data communication terminates it
Afterwards, journal file record and network data packets file record are stored in the first storage location;To journal file record and
Network data packets file record is analyzed, wherein using feature extraction to journal file record and network data packets file
Permission, API, URL and character string are converted into numerical characteristics by the characteristic quantification of record, using using based on mean value and variance
Feature selecting algorithm selects the subset of feature, combining classification and cluster and the regular logarithm value tag of label building to be predicted,
Based on the parameter in the numerical characteristics and preset configuration file values match and determine its operation action attribute, that is, that installs should
Whether application program is safe for terminal, and the first part of the result as analysis;When result is safety or phase
Inverse time, file was executed and it creates the corresponding relationship of main body as second of the result analyzed for transplantable in application program
Point, when for it is dangerous i.e. malice when, in addition by the relevant information for creating main body be marked using as mark the application program meeting
The malice identification information impact to terminal and the supplement part as second part update for being sent to determining server
Big data analysis determine and confirmation database, and terminal recorded and stored in security information database using as
The source of malice, can be provided using the application program in the source as the application program from malicious origin in subsequent installation and
It is shown to user, thorough killing optionally is carried out to the source for user and nips off the source and all application programs from it
Installation and the source to any access request of terminal;The of the result of the first part and analysis of the result of polymerization analysis
Two parts are using the information as the application program.
In one embodiment, in step S7, the result based on analysis further determines that retains this using journey in the terminal
Sequence still unloads the application program, and sends determining server for the information of the application program to update and be used for big data point
Analysis determines and the database of confirmation further comprises: the first part of result of the terminal based on analysis, when for safe application journey
Retain the application program when sequence, and unload the application program when for malice, and by include analysis result first part and
The information of the application program of the second part of the result of analysis is sent to determining server to update and be used for big data analysis, judgement
With the database of confirmation, wherein the second part of the result of analysis further includes having that the relevant information of main body will be created when for malice
Being marked can be to the supplement part for the malice identification information that terminal impacts using the application program as mark.
In one embodiment, in the step s 7, after having executed above-mentioned steps, following operation is further executed:
After unloading application program, monitoring programme is activated when terminal starts network communication, so that the monitoring programme real-time interception
The data received and dispatched by network, and by the source of the data sink of transmission and/or received data source and predetermined malice into
Row characteristic matching, this is given to user as the result is shown when meeting matching criteria and analyze the position where data to be sent and
Fixed point removal is carried out to the Name & Location for the entity that the data are called, and by the Name & Location of the entity of the calling,
It shows later and removes the operating as a result, repeating above-mentioned removal if unsuccessful and user is showed to remove process of success or not,
Until meeting preset requirement.
In one embodiment, data to be sent are also analyzed while analyzing the position where data to be sent, with
Determine whether the account containing user, contact person, identifying code, contact method information, and if so, by indicating risk to use
Family.
In one embodiment, in step S8, when the privacy of user data in application requests access terminal, eventually
End confirms its access authority according to authority configuration table, and executes respective operations and further comprise: when the application requests access
When privacy of user data in terminal, access request is sent to the processor of terminal by application program, and processor is by application program
Mark is sent to authority management module, to determine the access right of the application program according to the authority configuration table in authority management module
Limit, when application program has one of plural kind of private data or a variety of access authority, processor determines this using journey
Whether the access authority of the privacy of user data in the terminal that sequence requests access to meets the access authority that authority configuration table determines, such as
Fruit meets then to one corresponding rendering engine of application assigned, and processor issues jump instruction, and jumps finger by execution
Application program is guided to the entrance of rendering engine after order, with for by the rendering engine to the user in the terminal requested access to
Private data explains, and the privacy of user data of explanation are sent to the application program.
In one embodiment, which is the data converted to ensure user information safety,
When storing in the terminal will not plain code storage and obtained by malicious code or file or software attacks and then cause to user can not
The loss retrieved, wherein be converted into first by the code form of original function only can be by the solution of terminal for the privacy of user data
Engine is released to explain, can not effectively divide the bytecode for cracking and seeming no obvious meaning for third party software,
The bytecode is explained with pieces by rendering engine, and the fragment length is limited by the rendering engine, while each
Between a segment, the end of previous segment it is identifiable with rendering engine, indicate interval, word with finite data length
Save the separator of code form;Jump instruction is set for bytecode, and is stored in register, the simultaneously erased generation by original function
The privacy of user data that code form indicates;When the privacy of user data in application requests access terminal, if processor
Determine whether the access authority of the privacy of user data in the terminal of application requests access meets authority configuration table and determine
Access authority, then jump instruction is transferred and issued to processor, and guides application program to solution after executing jump instruction
The entrance of engine is released, with for being explained by the rendering engine to the privacy of user data in the terminal requested access to, and will
The privacy of user data of explanation are sent to the application program.
In one embodiment, in step S9, when terminal has, new instant communication information is incoming and the application program is asked
When asking access, terminal it is enabled to the access of the application program based on access setting or forbid further comprise: when terminal has newly
Instant communication information it is incoming when, terminal receives the instant communication information of the new incoming, and by the message analysis of terminal
Module analysis classified information wherein included, in the incoming instant communication information of the message-analysis module judgement of terminal whether include
The combined information of user password, account, any one or more in identifying code with effective time, when comprising it is therein any one
Or when multiple combined information with effective time, by the secret repository of the instant communication information storage of the new incoming to terminal
In, otherwise the instant communication information of new incoming is stored into the conventional repository of terminal;When comprising it is therein any one or it is more
A combined information with effective time, and when the application program of installation attempts to access that the incoming instant communication information, power
Limit management module verifies whether the application program has access authority to incoming instant communication information, if do not had (i)
Access authority, then the instant communication information of new incoming is not sent to this and answered by the secret repository of authority management module notice terminal
With program, and (ii), if having access authority, authority management module is to secret repository sending application program to secret
The read requests of message in repository, and whether the message-analysis module of authority management module notice terminal judges present period
In effective reading period of the instant communication information of the new incoming of storage, when in new incoming instant communication information it is effective
When reading in the period, then the instant communication information of the new incoming wherein stored is sent to application program by secret repository, it is no
Then in the effective reading period for the instant communication information for being not at new incoming, that is, it is in the taboo of the instant communication information of new incoming
When only reading in the period, the instant communication information of the new incoming wherein stored is sent to application program by secret repository refusal,
Until it forbids reading period releasing, even if application program is attempted to read private information success at this time, due to the time
Past and beyond new incoming instant communication information accessible effective reading period, so even if application program read
To private information, terminal can not also be constituted and be attacked because effectual time has been crossed, significantly reduce malicious application pair
The private information of terminal being stolen and revealing;And work as the conventional repository of the instant communication information storage of new incoming to terminal
In, and when the application program of installation attempts to access that the incoming instant communication information, authority management module verifies this using journey
Whether sequence has the access authority to incoming instant communication information, if not having access authority, authority management module (i)
The instant communication information of new incoming is not sent to the application program, and (ii) if had by the conventional repository of notice terminal
Access authority then limits read requests of the management module to conventional repository sending application program to message in conventional repository, and
And the instant communication information of the new incoming wherein stored is sent to application program by conventional repository.
In one embodiment, a kind of big data analysis system based on terminal, including terminal and judgement service are disclosed
Device, wherein terminal includes: processor, authority management module, rendering engine, message-analysis module, secret repository, conventional storage
Library;Determining server is internally provided with for big data analysis, confirmation and the database of judgement;The big data based on terminal
Analysis system is for executing the big data analysis method above-mentioned based on terminal.
Detailed description of the invention
In the accompanying drawings by way of example rather than the embodiment of the present invention is shown by way of limitation, wherein phase
Same appended drawing reference indicates identical element, in which:
According to an exemplary embodiment of the invention, Fig. 1 illustrates a kind of brief stream of big data analysis method based on terminal
Cheng Tu.
According to an exemplary embodiment of the invention, the tool of a kind of big data analysis method based on terminal of Fig. 2 pictorial image 1
The flow chart that body is realized.
According to an exemplary embodiment of the invention, Fig. 3 illustrates a kind of big data analysis system based on terminal.
Specific embodiment
Before carrying out following specific embodiments, certain words and phrase used in the patent document are illustrated
Definition may be advantageous: term " includes " and "comprising" and its derivative mean to include without limiting;Term "or" is
Include, it is meant that and/or;Phrase " with ... it is associated ", " associated with it " and its derivative might mean that including quilt
Be included in ... it is interior, with ... interconnection, include be comprised in ... it is interior, be connected to ... or with ... connect, be coupled to ... or
With ... couple, can be with ... communicate, with ... cooperation interweaves, and side by side, approaches ..., be bound to ... or with ... binding, tool
Have, attribute having ..., etc.;And term " controller " mean to control any equipment of at least one operation, system or its
Component, such equipment may be realized with some combinations of hardware, firmware or software or wherein at least two.It should be noted that
: functionality associated with any specific controller may be centralization or distributed, either local or remote
Journey.The definition for being used for certain words and phrase is provided through patent document, it should be understood by those skilled in the art that: if not
In most cases, in many cases, such definition is suitable for word and phrase existing and define in this way not
To use.
In the following description, several specific embodiments with reference to attached drawing and are diagrammatically shown.It will be appreciated that
It is contemplated that and other embodiments can be made without departing from the scope of the present disclosure or spirit.Therefore, described in detail below should not be by
Think in a limiting sense.
According to an exemplary embodiment of the invention, Fig. 1 illustrates a kind of brief stream of big data analysis method based on terminal
Cheng Tu.Method includes the following steps:
(A) application program needed for terminal searching and send it to determining server carry out malice whether confirmation;
(B) whether the malice that terminal is obtained based on determining server according to big data as a result, determine reattempt to it is other
Resource downloading or user choose whether to download or directly download the application program:
(C) terminal downloads install the application program and extract information, are sent to determining server and carry out security credential;
(D) security credential of the terminal based on determining server determines that retaining the application program in the terminal still unloads
The application program;And
(E) sensitivity or privacy after terminal determines the reservation application program, in the operation of subsequent applications program, access terminal
Rights management is carried out when data to be enabled or be forbidden.
According to an exemplary embodiment of the invention, the tool of a kind of big data analysis method based on terminal of Fig. 2 pictorial image 1
The flow chart that body is realized.This method further includes steps of
Step S1, terminal obtain the resource clothes containing application program via application program needed for wireless network search
The title and/or IP information of business device;
Step S2, terminal by the title of the Resource Server and/or IP information be sent to determining server carry out malice with
No confirmation;
Step S3, the result whether malice that terminal is confirmed according to determining server based on big data execute respective operations:
The communication link with the Resource Server is blocked if malice and continues to attempt to the other Resource Servers obtained in step S1
And step S2 and S3 are sequentially carried out, until determining server confirms that non-malicious or number of attempt reach user preset number;Such as
Fruit non-malicious is then chosen whether to download or directly download the application program by user;
Step S4, terminal installs the application program and extracts its information after downloading, carries out signature processing to the application program,
And determining server is sent by the information of extraction and carries out security credential;
Step S5, terminal is according to determining server based on the security credential of big data as a result, determination retains in the terminal
The application program still unloads the application program;When retaining the application program, distinctive permission is assigned to the application program, and
Determining server is sent by the information of the application program when unloaded to update and be used for big data analysis, judgement and the number of confirmation
According to library;
Step S6 obtains its operating parameter and is analyzed when the application program executes at the terminal;
Step S7, the result based on analysis further determine that retaining the application program in the terminal still unloads this using journey
Sequence, and determining server is sent by the information of the application program to update and be used for big data analysis, judgement and the data of confirmation
Library;
Step S8, when the privacy of user data in application requests access terminal, terminal is according to authority configuration table
Confirm its access authority, and executes respective operations;
Step S9, when terminal has new instant communication information incoming and the application requests access, terminal is based on
Access is arranged and the access of the application program is enabled or forbidden.
According to the above-described big data analysis method based on terminal, big data and information security technology can be utilized,
Safety detection is carried out to application program in erection stage, and the application program harmful to terminal intercepts, and to it
Source is confirmed and is blocked;And the legally or illegally access of user privacy information in terminal is asked for application program
Topic carries out privacy information reading by reasonable management and ensures to read not past default access, or avoided by setting
Unreasonable access of the application program to privacy program, and then the safety based on big data and rights management realization system.
Preferably, step S1 further comprises: the browser directly installed via terminal, desired using journey by inputting
The title of sequence, is scanned for by search engine;Or in current non-browser application, pass through user's finger long-pressing screen
Curtain, on the screen occur selection text option, user by selection and highlighted application program all or part of title, and
The search button occurred on screen is clicked after selected, the selection of one or more browsers occurs and clicking the search button
Icon is for selection, scans for after selecting corresponding browser icon;Or in current non-browser application, pass through
The search icon in non-browser application is selected, occurs input frame on the screen, passes through and inputs desired application name
Afterwards, third party's browser which applied or called directly default scans for or occurs one or more clear
Look at device selection icon it is for selection and scanned for after selecting corresponding browser icon;Or it is being embedded with browser
Instant messaging application in or occur selecting the option of text by user's finger long-pressing screen and on the screen, pass through choosing
It selects and highlights all or part of title of application program and click the search button occurred on screen after selected and call insertion
Browser scan for or by select the non-browser apply in search icon and occur input frame on the screen,
The browser of insertion is called to scan for by inputting desired application name.Needed for via wireless network search
After application program, the title and/or IP address for identifying the Resource Server containing application program are obtained according to result.
Preferably, step S2 further comprises: terminal selects any in the title and/or IP information of the Resource Server
Person or both, and it is packaged in packet to be transmitted with fixed packet transformat, and set request for the header of packet and belong to
Property, it is terminated by fixed end mark after any one of title and/or IP information in packet to be transmitted or both, with
Convenient for determining server identification, determining server is sent by Radio Link by the packet later, whether for carrying out maliciously
Confirmation.
Preferably, step S3 further comprises: determining server is internally provided with for big data analysis, confirmation and judgement
Database, which has the security attribute information of the application program for terminal, including malice, safe and undetermined,
The security attribute information is updated as time goes by, and update mode is uploaded by user, information centre notifies etc.
Any one of mode and carry out;Determining server receives the packet of terminal transmission, and based on preset fractionation packet rule, extracts packet
In Resource Server title and/or any one of IP information or both, and be entered into the database of internal setting,
To carry out information matches, when having the occurrence for meeting safety or malice and being confirmed to be without matching to timing, this is defined
It is packaged with the result of security attribute information undetermined, is sent to terminal via Radio Link;Terminal receives the packet and splits
Packet, extracts security attribute information therein, if it is the communication link maliciously then blocked with the Resource Server, and continues to attempt to
Other Resource Servers for obtaining in step S1 and sequentially carry out step S2 and S3, until determining server confirm non-malicious or
Number of attempt reaches user preset number;It is then chosen whether to download the application program by user if it is safety: if it is safety
It is then chosen whether to download or directly download the application program by user, wherein the application program is then directly downloaded if it is safety,
And if it is being chosen whether to download the application program by user to rule, subsequent step is carried out if downloading, if not downloading really
This method is directly exited calmly still to continue to attempt to the other Resource Servers obtained in step S1 and sequentially carry out step S2 and S3
Until determining server confirmation meets the desired security attribute of user or number of attempt reaches user preset number.
Preferably, step S4 further comprises: terminal installs the application program and extracts its information after downloading, answers this
Signature processing is carried out with program, and sends the information of extraction in the step of determining server carries out security credential, wherein
Terminal during the application program is installed, the file suffixes name for changing application program is wherein wrapped with being decompressed
Include by compiling and the first file for being packed into of tool, obtain transformation tool will include that the category file of item name is copied
Shellfish generates at the first directory location by class switch order the packet data in application program to the first directory location;
Library function by traversing packet data obtains the function transferred, and determines its behavior category by the behavioural information for the function transferred
Property, wherein behavior information includes access behavioural information, creation process behavior information, operation process behavior information, operation registration
Table behavioural information, application transfer the identifier of other application program and the behavioural information of permission, installation behavioural information, compression are packaged
Behavioural information and mobile data transfer behavioural information, and behavior property include malice whether;It is transferred according to behavior property determination
The behavior execution route of function, which is recorded, a part of the information as extraction, in the next steps
Determining server is uploaded to, by by some or all of the execution route and the path based on bytecode in determining server
Big data is analyzed, and then carries out security credential.During wherein terminal carries out signature processing to the application program, base
Application program after decompression obtains All Files in application program;The file of the first kind is calculated with Secure Hash Algorithm
Encoded radio deposit is different from the of the Second Type of the first kind by summary info, and encoding to the summary info later
In one file, and the summary info in the first file of Second Type and private key information one group of signature of generation will be previously stored in
Information and the first position being stored in second files different from the first file of Second Type, signing messages and public key are deposited
Enter in the second position in the second file, wherein the first kind and Second Type are related to the file of different directories type.
Preferably, in above-mentioned steps S4, extracting information further comprises extracting the other parts of information, it may be assumed that will be applied
The file of the entitled compressed package form of file renamed as suffix of program is simultaneously decompressed, and then obtains the first configuration file, is made
The first configuration file is converted into operable text formatting with the first open source software;The second open source software decompiling solution will be used
Binary sound code file in the result of pressure;Binary sound code file is restored using third open source software to obtain the application
The source code of the file of program;Source code is scanned by the source code of the file based on application program using matching algorithm, and to specified
Keyword is counted, and is obtained quantity and corresponding position of the specified each keyword in class file and is stored using matrix,
The similarity distance between every two keyword is calculated based on distance algorithm;Based on similarity distance to keyword classification, and by matrix
In each keyword as root node, the high keyword of similarity between each node is condensed together, with storage
The matrix of the position at place compares, and removes different classes of keyword, and then classified and stored;It will be in the property data base in terminal
The feature of the security application of storage and the feature of classified and stored compare, and remove in the feature of the application program and include
Security feature is to avoid increasing information processing capacity and increase message processing time and power consumption and the limited processing of waste terminal provides
Source;Using classified and stored and the data of feature are removed as the other parts for the information extracted, and are sent to together with other information
Determining server carries out security credential.
Preferably, step S5 further comprises: terminal receive security credential of the determining server based on big data as a result,
And it is further determined whether based on the result maliciously, the application program to be unloaded when for malice, when to be safe in the terminal
Retain the application program, and works as and show user to belong to so that user understands safety on a display screen indicating risk information to timing
Property and select unloading or retain;When retaining the application program, permission is assigned to the application program, which includes storage power
It limits, permission of taking pictures, permission, recording permission, the permission for calling end sensor, reading and the transmission short message power that microphone uses
It limits, make a phone call permission, the permission of SIM card number of identification terminal installation, the permission for reading address list, reading user movement number
According to permission, open mobile operator communication network connection permission, open Wireless Fidelity connection permission, read other application program
Permission, read instant message applications communications records permission, assign permission include assign enable permission or assign disabling
Permission;When determining unloading, determining server is sent by the information of the application program to update and be used in determining server greatly
The database of data analysis, judgement and confirmation.
Preferably, it in step S6, when the application program executes at the terminal, obtains its operating parameter and is analyzed,
Including: executing application obtains the behavioral parameters in its operational process, and behavior parameter includes system API, file power
Variation, process and the thread operation data of limit call data, network access request data, the network data of transmission, by the behavior
Reference record is in journal file;The transplantable creation operation for executing file in application program is monitored, determines that it creates main body,
Transplantable execution file is established in terminal memory creates intersubjective corresponding relationship with it;It is voluntarily transported using simulation tool
The operation operation of row and simulation terminal user, to obtain journal file record and network data packets file record;In simulation work
Have an end of run, and open and connect and as time goes by and after data communication terminates in network link, by log text
Part record and network data packets file record are stored in the first storage location;To journal file record and network data packets
File record is analyzed, wherein using feature extraction to the characteristic quantity of journal file record and network data packets file record
Change, permission, API, URL and character string are converted into numerical characteristics, using using the feature selecting algorithm based on mean value and variance
It selects the subset of feature, combining classification and cluster and label to construct regular logarithm value tag to be predicted, it is special based on the numerical value
Sign with preset configuration file in parameter values match and determine its operation action attribute, that is, the application program installed for
It is whether safe for terminal, and the first part of the result as analysis;When result is safe or opposite, journey will be applied
It is transplantable in sequence to execute file and it creates the second part of the corresponding relationship of main body as the result analyzed, when being dangerous
I.e. malice when, in addition by the relevant information for creating main body be marked using as identify the application program terminal can be impacted
Malice identification information and supplement part as second part, update big data analysis for being sent to determining server and determine
With the database of confirmation, and recorded and stored in security information database in terminal using the source as malice,
Can the application program in the source be provided and be shown to user when subsequent installation as the application program from malicious origin, supply
User thorough killing optionally is carried out to the source and nip off the source and from its all application programs installation and should
Any access request of the source to terminal;The second part of the result of the first part and analysis of the result of polymerization analysis using as
The information of the application program.
Preferably, in step S7, the result based on analysis further determines that retaining the application program in the terminal still unloads
Carry the application program, and by the information of the application program send determining server with update be used for big data analysis, determine and
The database of confirmation further comprises: the first part of result of the terminal based on analysis, retains when for the application program of safety
The application program, and first part and the knot of analysis for unloading the application program when for malice, and will including the result analyzed
The information of the application program of the second part of fruit is sent to determining server to update for big data analysis, judgement and confirmation
Database, wherein the second part of the result of analysis further includes having for the relevant information for creating main body to be marked when for malice
It can be to the supplement part for the malice identification information that terminal impacts using the application program as mark.
Preferably, in the step s 7, it after having executed above-mentioned steps, further executes following operation: being applied in unloading
After program, monitoring programme is activated when terminal starts network communication, so that the monitoring programme real-time interception passes through network
The data of transmitting-receiving, and the source of the data sink of transmission and/or received data source and predetermined malice is subjected to feature
Match, this is given to user as the result is shown when meeting matching criteria and analyzes the position where data to be sent and to the data
The Name & Location for the entity being called, and the Name & Location of the entity of the calling is subjected to fixed point removal, it shows later
The operating as a result, repeating above-mentioned removal if unsuccessful and user is showed to remove process of success or not is removed, until meeting
Until preset requirement.
Further, data to be sent are also analyzed while analyzing the position where data to be sent, are with determination
The no account containing user, contact person, identifying code, contact method information, and if so, by indicating risk to user.
Preferably, in step S8, when the privacy of user data in application requests access terminal, terminal is according to power
Limit allocation list confirms its access authority, and executes respective operations and further comprise: when in application requests access terminal
When privacy of user data, access request is sent to the processor of terminal by application program, and processor sends application program identification
To authority management module, to determine the access authority of the application program according to the authority configuration table in authority management module, when answering
When having one of plural kind of private data or a variety of access authority with program, processor determines that the application requests are visited
Whether the access authority of the privacy of user data in the terminal asked meets the access authority that authority configuration table determines, if meeting
Give application assigned one corresponding rendering engine, processor issues jump instruction, and will answer after executing jump instruction
With the entrance of program designation to rendering engine, with for by the rendering engine to the privacy of user data in the terminal requested access to
It explains, and the privacy of user data of explanation is sent to the application program.
Preferably, which is the data converted to ensure user information safety, in the terminal
When storage will not plain code storage and obtained by malicious code or file or software attacks and then cause irremediable damage to user
It loses, wherein be converted into first by the code form of original function only can be by the rendering engine solution of terminal for the privacy of user data
It releases, can not effectively divide the bytecode for cracking and seeming no obvious meaning, the bytecode for third party software
Explained with pieces by rendering engine, and the fragment length is limited by the rendering engine, at the same each segment it
Between, the end of previous segment it is identifiable by rendering engine, indicate interval, in the form of the bytecode of finite data length
Separator;Jump instruction is set for bytecode, and is stored in register, the simultaneously erased code form table by original function
The privacy of user data shown;When the privacy of user data in application requests access terminal, if the processor determine that this is answered
Whether the access authority of the privacy of user data in terminal accessed with PROGRAMMED REQUESTS meets the access right that authority configuration table determines
Limit, then jump instruction is transferred and issued to processor, and guides application program to rendering engine after executing jump instruction
Entrance, with for being explained by the rendering engine to the privacy of user data in the terminal requested access to, and by the use of explanation
Family private data is sent to the application program.
Preferably, in step S9, when terminal has new instant communication information incoming and the application requests access,
Terminal enables the access of the application program based on access setting or forbids: when terminal has new instant messaging
When message is passed to, terminal receives the instant communication information of the new incoming, and analyzes it by the message-analysis module of terminal
In include classified information, in the incoming instant communication information of the message-analysis module judgement of terminal whether comprising user password,
The combined information of any one or more in account, identifying code with effective time, when comprising it is therein any one or more with
When the combined information of effective time, the instant communication information of the new incoming is stored into the secret repository of terminal, otherwise
The instant communication information of new incoming is stored into the conventional repository of terminal;When comprising it is therein any one or more with it is effective
The combined information of time, and when the application program of installation attempts to access that the incoming instant communication information, rights management mould
Block verifies whether the application program has access authority to incoming instant communication information, if not having access authority (i),
Then the instant communication information of new incoming is not sent to the application program by the secret repository of authority management module notice terminal, with
And (ii), if having access authority, authority management module is to secret repository sending application program to disappearing in secret repository
The read requests of breath, and whether the message-analysis module of authority management module notice terminal judges present period in the new of storage
In effective reading period of incoming instant communication information, when in effective reading period of the instant communication information in new incoming
When, then the instant communication information of the new incoming wherein stored is sent to application program by secret repository, otherwise when being not at
In effective reading period of the instant communication information of new incoming, that is, be in the instant communication information of new incoming forbids the reading period
When middle, the instant communication information of the new incoming wherein stored is sent to application program by secret repository refusal, until it is forbidden
Period releasing is read, even if application program is attempted to read private information success at this time, due to surpassing over time
Accessible effective reading period of the instant communication information of new incoming out, so even if application program reads secret letter
Breath also can not constitute terminal because effectual time has been crossed and attack, significantly reduce private of the malicious application to terminal
Confidential information being stolen and revealing;And it stores when by the instant communication information of new incoming into the conventional repository of terminal, and work as
When the application program of installation attempts to access that the incoming instant communication information, authority management module verifies whether the application program has
There is the access authority to incoming instant communication information, if not having access authority (i), authority management module notifies terminal
Conventional repository the instant communication information of new incoming is not sent to the application program, and (ii) if having access right
Limit, then limit read requests of the management module to conventional repository sending application program to message in conventional repository, and by normal
It advises repository and the instant communication information of the new incoming wherein stored is sent to application program.
According to an exemplary embodiment of the invention, Fig. 3 illustrates a kind of big data analysis system based on terminal, including terminal
And determining server, wherein terminal includes: processor, authority management module, rendering engine, message-analysis module, secret storage
Library, conventional repository;Determining server is internally provided with for big data analysis, confirmation and the database of judgement.
Preferably, the big data analysis system based on terminal is for executing following methods and step: terminal searching institute
The application program of need simultaneously sends it to confirmation whether determining server carries out malice;Terminal is based on determining server according to big
It is whether the malice that data obtain to reattempt to other resource downloadings or user chooses whether to download or directly download as a result, determining
The application program: terminal downloads install the application program and extract information, are sent to determining server and carry out security credential;Eventually
End group determines that retaining the application program in the terminal still unloads the application program in the security credential of determining server;With
And terminal determines after retaining the application program, the operation of subsequent applications program, the sensitivity in access terminal or when private data into
Row rights management is to be enabled or be forbidden.
Preferably, the big data analysis system based on terminal further performs the step of: step S1, terminal via
Application program needed for wireless network search, and obtain the title and/or IP information of the Resource Server containing application program;Step
Rapid S2, terminal send the title of the Resource Server and/or IP information to confirmation whether determining server carries out malice;Step
Rapid S3, the result whether malice that terminal is confirmed according to determining server based on big data execute respective operations: if malice
It blocks the communication link with the Resource Server and continues to attempt to the other Resource Servers obtained in step S1 and sequentially carry out
Step S2 and S3, until determining server confirms that non-malicious or number of attempt reach user preset number;If non-malicious
It is chosen whether to download or directly download the application program by user;Step S4, terminal is installed the application program and is extracted after downloading
Its information carries out signature processing to the application program, and sends determining server for the information of extraction and carry out security credential;
Step S5, terminal retain this using journey as a result, determining based on the security credential of big data according to determining server in the terminal
Sequence still unloads the application program;When retaining the application program, distinctive permission is assigned to the application program, and when unloaded
Determining server is sent by the information of the application program to update and be used for big data analysis, judgement and the database of confirmation;Step
Rapid S6 obtains its operating parameter and is analyzed when the application program executes at the terminal;Step S7, the knot based on analysis
Fruit further determines that retaining the application program in the terminal still unloads the application program, and the information of the application program is sent
To determining server to update for big data analysis, judgement and the database of confirmation;Step S8, when the application requests are visited
When asking the privacy of user data in terminal, terminal confirms its access authority according to authority configuration table, and executes respective operations;Step
S9, when terminal has new instant communication information incoming and the application requests access, terminal is right based on access setting
The access of the application program is enabled or forbids.
According to the above-described big data analysis system based on terminal, big data and information security technology can be utilized,
Safety detection is carried out to application program in erection stage, and the application program harmful to terminal intercepts, and to it
Source is confirmed and is blocked;And the legally or illegally access of user privacy information in terminal is asked for application program
Topic carries out privacy information reading by reasonable management and ensures to read not past default access, or avoided by setting
Unreasonable access of the application program to privacy program, and then the safety based on big data and rights management realization system.
Preferably, the big data analysis system based on terminal further performs the step of: directly pacifying via terminal
The browser of dress is scanned for by inputting the title of desired application program by search engine;Or current non-clear
During device of looking at is applied, by user's finger long-pressing screen, occurs the option of selection text on the screen, user is by selection and highlights
All or part of title of application program, and the search button occurred on screen is clicked after selected, it is pressed by clicking the search
Button and the selection icon for one or more browsers occur is for selection, scanned for after selecting corresponding browser icon;
Or in current non-browser application, by selecting the search icon in non-browser application, occur on the screen defeated
Enter frame, after inputting desired application name, which applies or call directly third party's browsing of default
The selection icon that device scanned for or occurred one or more browsers is for selection and selecting corresponding browser figure
It is scanned for after mark;Or be embedded with browser instant messaging application in or by user's finger long-pressing screen and
Occurs the option of selection text on screen, by selecting and highlighting all or part of title of application program and click after selected
The search button that occurs on screen and call the browser of insertion to scan for or by selecting during the non-browser applies
It searches for icon and occurs input frame on the screen, call the browser of insertion to carry out by inputting desired application name
Search.After the application program needed for via wireless network search, is obtained according to result and contain application program for identifying
The title and/or IP address of Resource Server.
Preferably, the big data analysis system based on terminal further performs the step of: terminal selects the resource
Any one of title and/or IP information of server or both, and it is packaged in fixed packet transformat to be transmitted
Packet in, and set request attribute for the header of packet, any one of title and/or IP information in packet to be transmitted or
Pass through fixed end mark after the two to terminate, in order to determining server identification, later send the packet by Radio Link
To determining server, for carrying out confirmation whether malice.
Preferably, the big data analysis system based on terminal further performs the step of S3: in determining server
Portion is provided with for big data analysis, confirmation and the database of judgement, which has the application program for terminal
Security attribute information, including malice, it is safe and undetermined, which is updated as time goes by, more
Any one of modes such as new paragon is uploaded by user, information centre notifies carry out;Determining server receives terminal transmission
Packet, and based on preset fractionations packet rule, extract the Resource Server in wrapping title and/or any one of IP information or
The two, and be entered into the database of internal setting, to carry out information matches, when have the occurrence that meets safety or malice with
And be confirmed to be without matching to timing, the result of the clear and undetermined security attribute information is packaged, via wireless
Link is sent to terminal;Terminal receives the packet and splits packet, extracts security attribute information therein, if it is maliciously then block with
The communication link of the Resource Server, and continue to attempt to the other Resource Servers obtained in step S1 and sequentially carry out step S2
And S3, until determining server confirms that non-malicious or number of attempt reach user preset number;If it is safety then by user
It chooses whether to download the application program: then being chosen whether to download or directly download the application program by user if it is safety,
In then directly download the application program if it is safety, and if it is being chosen whether to download the application program by user to rule,
Subsequent step is carried out if downloading, directly exits what the big data analysis system based on terminal executed if not downloading and determining
Method still continues to attempt to the other Resource Servers obtained in step S1 and sequentially carries out step S2 and S3 until determining service
Device confirmation meets the desired security attribute of user or number of attempt reaches user preset number;
Preferably, the big data analysis system based on terminal further performs the step of S4: terminal after downloading
The application program is installed and extracts its information, signature processing is carried out to the application program, and send judgement for the information of extraction
Server carried out in the step of security credential, and terminal therein changes application program during installing the application program
File suffixes name with decompressed obtain including by compiling and the first file for being packed into of tool, become
Tool is changed will include that the category file of item name copies the first directory location to, passes through classification at the first directory location and turns
It changes order and generates the packet data in application program;Library function by traversing packet data obtains the function transferred, and leads to
The behavioural information for crossing the function transferred determines its behavior property, and wherein behavior information includes access behavioural information, creation process
Behavioural information, operation process behavior information, Registry behavioural information, the identifier and power for applying for transferring other application program
Behavioural information, installation behavioural information, compression packing behavioural information and the mobile data transfer behavioural information of limit, and behavior property packet
Whether including malice;The behavior execution route that the function transferred is determined according to behavior property, which is recorded, as
A part of the information of extraction, to upload to determining server in the next steps, by by the part of the execution route or entirely
Portion is analyzed with the path big data based on bytecode in determining server, and then carries out security credential.Wherein terminal
During carrying out signature processing to the application program, based on the application program after decompression, All Files in application program are obtained;
The file of first kind Secure Hash Algorithm is calculated into summary info, and the summary info is encoded, it later will coding
In first file of the Second Type that value deposit is different from the first kind, and the first file that Second Type will be previously stored in
In summary info and private key information generate one group of signing messages and be stored in second different from the first file of Second Type
Signing messages and public key are stored in the second position in the second file by the first position in file, wherein the first kind and the
Two types are related to the file of different directories type.
Preferably, the big data analysis system based on terminal further performs the step of S4, extracts information into one
Step includes extracting the other parts of information, it may be assumed that by the file of the entitled compressed package form of file renamed as suffix of application program
And decompressed, and then obtain the first configuration file, the first configuration file is converted into using the first open source software operable
Text formatting;By binary sound code file in the result for using the second open source software decompiling to decompress;It is increased income using third
The binary sound code file of software back is to obtain the source code of the file of the application program;The source of file based on application program
Source code, is scanned, and counted to designated key word using matching algorithm, obtains specified each keyword in class by code
Quantity and corresponding position in file are simultaneously stored using matrix, based on distance algorithm calculate between every two keyword it is similar away from
From;Based on similarity distance to keyword classification, and using each keyword in matrix as root node, between each node
The high keyword of similarity condenses together, and compares with the matrix of the position at the place of storage, removes different classes of keyword,
And then classified and stored;By the feature of the feature of the security application stored in the property data base in terminal and classified and stored into
Row comparison removes the security feature that includes in the feature of the application program to avoid increasing information processing capacity and increasing information processing
Time and power consumption and the waste limited process resource of terminal;Using classified and stored and the data of feature are removed as the information extracted
Other parts, be sent to together with other information determining server carry out security credential.
Preferably, the big data analysis system based on terminal further performs the step of S5: terminal, which receives, to be determined
Security credential of the server based on big data as a result, and based on the result further determine whether for malice, when for malice
The application program is unloaded, retains the application program in the terminal when to be safe, and is worked as indicating risk information to timing aobvious
Show user so that user understands security attribute and selects unloading or reservation in display screen;It is right when retaining the application program
The application program assigns permission, which includes storage permission, permission of taking pictures, and permission that microphone uses, is called recording permission
The permission of end sensor, reading and the SIM card number for sending short message permission, making a phone call permission, identification terminal installation
Permission, read address list permission, read user movement data permission, open mobile operator communication network connection permission,
The permission of the communications records of Wireless Fidelity connection permission, the permission for reading other application program, reading instant message applications is opened,
Assigning permission includes assigning enabling permission or imparting disabling permission;When determining unloading, the information of the application program is sent
To determining server to update in determining server for big data analysis, judgement and the database of confirmation.
Preferably, the big data analysis system based on terminal further performs the step of S6, when the application program
When executing at the terminal, obtains its operating parameter and analyzed, including: executing application obtains its operational process
In behavioral parameters, behavior parameter include system API, the variation of file permission, process and thread operation data, call number
According to, network access request data, the network data of transmission, by behavior reference record in journal file;Monitor application program
In the transplantable creation operation for executing file, determine that its creates main body, established in terminal memory and transplantable execute text
Part creates intersubjective corresponding relationship with it;The operation operation of terminal user is voluntarily run and simulated using simulation tool, to obtain
Obtain journal file record and network data packets file record;It is connect in simulation tool end of run, and in network link unlatching
It is logical and as time goes by and after data communication terminates, journal file record and network data packets file record are stored
In the first storage location;Journal file record and network data packets file record are analyzed, wherein being mentioned using feature
The characteristic quantification to journal file record and network data packets file record is taken, permission, API, URL and character string are converted into
Numerical characteristics, using using based on the feature selecting algorithm of mean value and variance selection feature subset, combining classification and cluster with
And label constructs regular logarithm value tag and is predicted, the numerical value based on the parameter in the numerical characteristics and preset configuration file
Match and determine its operation action attribute, that is, whether the application program installed is safe for terminal, and as analysis
Result first part;When result is safe or opposite, execution file transplantable in application program is created into master with it
In addition second part of the corresponding relationship of body as the result of analysis will create the correlation of main body when for dangerous i.e. malice
Information be marked using as identify the application program can be to the malice identification information that terminal impacts and as second part
Supplement part, for be sent to determining server update big data analysis determine and confirmation database, and terminal into
Row is recorded and stored using the source as malice in security information database, can be by the application journey in the source in subsequent installation
Sequence provides and is shown to user as the application program from malicious origin, is optionally thoroughly looked into the source for user
Kill and nip off the source and from its all application programs installation and the source to any access request of terminal;Polymerization
The second part of the result of the first part and analysis of the result of analysis is using the information as the application program.
Preferably, the big data analysis system based on terminal further performs the step of S7, the knot based on analysis
Fruit further determines that retaining the application program in the terminal still unloads the application program, and the information of the application program is sent
Further comprise for big data analysis, judgement and the database of confirmation to update to determining server: terminal is based on analysis
As a result first part retains the application program when for the application program of safety, and the application program is unloaded when for malice,
And judgement is sent by the information of the first part of the result including analysis and the application program of the second part of the result of analysis
Server is to update for big data analysis, judgement and the database of confirmation, wherein when for malice, second of the result of analysis
Divide further includes having that the relevant information for creating main body is marked using the application program as mark and can impact terminal
The supplement part of malice identification information.
Preferably, the big data analysis system based on terminal further performs the step of S7, above-mentioned having executed
After step, following operation is further executed: after unloading application program, the activation monitoring journey when terminal starts network communication
Sequence, so that the data that the monitoring programme real-time interception is received and dispatched by network, and by the data sink of transmission and/or received number
Characteristic matching is carried out according to source and the source of predetermined malice, give this to user as the result is shown when meeting matching criteria and is divided
Analyse the position where data to be sent and the Name & Location for the entity being called to the data, and by the reality of the calling
The Name & Location of body carries out fixed point removal, show later remove success or not as a result, repeating above-mentioned shifting if unsuccessful
Except operate and show user remove process, until meeting preset requirement.
Further, data to be sent are also analyzed while analyzing the position where data to be sent, are with determination
The no account containing user, contact person, identifying code, contact method information, and if so, by indicating risk to user.
Preferably, the big data analysis system based on terminal further performs the step of S8, when the application program
When requesting access to the privacy of user data in terminal, terminal confirms its access authority according to authority configuration table, and executes corresponding behaviour
Work further comprises: when the privacy of user data in application requests access terminal, application program sends out access request
The processor of terminal is given, application program identification is sent to authority management module by processor, according in authority management module
Authority configuration table determine the access authority of the application program, when application program has one of plural kind of private data or more
When the access authority of kind, processor determines that the access authority of the privacy of user data in the terminal of application requests access is
The no access authority for meeting authority configuration table and determining, gives one corresponding rendering engine of application assigned, place if meeting
Manage device and issue jump instruction, and guide application program to the entrance of rendering engine after executing jump instruction, be used for by
The rendering engine explains the privacy of user data in the terminal requested access to, and the privacy of user data of explanation are sent
Give the application program.
Preferably, which is the data converted to ensure user information safety, in the terminal
When storage will not plain code storage and obtained by malicious code or file or software attacks and then cause irremediable damage to user
It loses, wherein be converted into first by the code form of original function only can be by the rendering engine solution of terminal for the privacy of user data
It releases, can not effectively divide the bytecode for cracking and seeming no obvious meaning, the bytecode for third party software
Explained with pieces by rendering engine, and the fragment length is limited by the rendering engine, at the same each segment it
Between, the end of previous segment it is identifiable by rendering engine, indicate interval, in the form of the bytecode of finite data length
Separator;Jump instruction is set for bytecode, and is stored in register, the simultaneously erased code form table by original function
The privacy of user data shown;When the privacy of user data in application requests access terminal, if the processor determine that this is answered
Whether the access authority of the privacy of user data in terminal accessed with PROGRAMMED REQUESTS meets the access right that authority configuration table determines
Limit, then jump instruction is transferred and issued to processor, and guides application program to rendering engine after executing jump instruction
Entrance, with for being explained by the rendering engine to the privacy of user data in the terminal requested access to, and by the use of explanation
Family private data is sent to the application program.
Preferably, the big data analysis system based on terminal further performs the step of S9, when terminal have it is new
When instant communication information is incoming and the application requests access, access of the terminal based on access setting and to the application program
It is enabled or forbid further comprise: when terminal has new instant communication information to be passed to, instant messaging of the terminal to the new incoming
Message is received, and analyzes classified information wherein included, the message-analysis module of terminal by the message-analysis module of terminal
In the incoming instant communication information of judgement whether comprising in user password, account, identifying code any one or more with it is effective when
Between combined information, when comprising any one or more combined information with effective time therein, by the new incoming
Instant communication information is stored into the secret repository of terminal, otherwise by the instant communication information storage of new incoming to the normal of terminal
It advises in repository;When comprising any one or more combined information with effective time therein, and when the application program of installation
When attempting to access that the incoming instant communication information, authority management module verifies whether the application program has to incoming instant
The access authority of communication message, if not having access authority (i), authority management module notifies the secret repository of terminal not
The instant communication information of new incoming is sent to the application program, and (ii) if having access authority, rights management mould
Block is to secret repository sending application program to the read requests of message in secret repository, and authority management module notice is eventually
The message-analysis module at end judge present period whether in effective reading period of the instant communication information of the new incoming of storage,
When in effective reading period of the instant communication information in new incoming, then the new incoming that will wherein be stored by secret repository
Instant communication information be sent to application program, otherwise when the effective reading period for the instant communication information for being not at new incoming
In, i.e. when forbidding in the reading period of the instant communication information in new incoming, secret repository refusal is new by what is wherein stored
Incoming instant communication information is sent to application program, until it forbids reading period releasing, even if application program is attempted at this time
Read private information success, due to over time and beyond new incoming instant communication information it is accessible
The period is effectively read, so even if application program reads private information, it also can not be to terminal structure because effectual time has been crossed
At attack, malicious application stealing and revealing to the private information of terminal is significantly reduced;And work as new incoming
Instant communication information is stored into the conventional repository of terminal, and when the application program of installation attempts to access that the incoming Instant Messenger
When interrogating message, authority management module verifies whether the application program has access authority to incoming instant communication information, (i)
If not having access authority, authority management module notifies the conventional repository of terminal not by the instant communication information of new incoming
It is sent to the application program, and (ii) limits management module to conventional repository sending application journey if having access authority
The read requests of message in ordered pair routine repository, and the instant messaging of the new incoming wherein stored is disappeared by conventional repository
Breath is sent to application program.
Above-mentioned each technical term is the routine techniques term with common meaning in this field, in order not to obscure this
The emphasis of invention, is not further explained it herein.
To sum up, in the inventive solutions, the big data analysis method by using a kind of based on terminal and it is
System can utilize big data and information security technology, carry out safety detection to application program in erection stage, and to end
It holds harmful application program to be intercepted, and its source is confirmed and blocked;And for application program for terminal
The privacy information of terminal is encrypted in the legally or illegally access problem of middle user privacy information, the present invention, for
Lawful access carries out privacy information reading by reasonable management and ensures to read not past default access, and for illegal
Access blocks setting to avoid unreasonable access of the application program to privacy program by time setting or permission.Pass through this
The method and system of invention can realize the safety of system based on big data and rights management, and finally guarantee application program
The safety of downloading, operation and data access at the terminal.
It will be appreciated that example and reality of the invention can be realized in the form of the combination of hardware, software or hardware and software
Apply example.As described above, any main body for executing this method can be stored, in the form of volatility or non-volatile holographic storage, such as
Equipment is stored, as ROM, whether no matter can erasing or is rewritable, or in the form of a memory, such as RAM, storage core
Piece, equipment or integrated circuit or on the readable medium of light or magnetic, such as CD, DVD, disk or tape.It will be appreciated that
Storage equipment and storage medium are suitable for storing the example of the machine readable storage of one or more programs, upon being performed,
One or more of programs realize example of the invention.Via any medium, such as it is loaded with by wired or wireless coupling
Signal of communication can electronically transmit example of the invention, and example suitably includes identical content.
It is to be noted that because the present invention is solved using big data and information security technology, it is corresponding in erection stage
Carry out safety detection with program, and the application program harmful to terminal intercepts, and to its source carry out confirmation and
It blocks;And for application program for the legally or illegally access problem of user privacy information in terminal, the present invention is for end
The privacy information at end is encrypted, and for Lawful access, carries out privacy information reading by reasonable management and ensures
It reads not past default access, and for unauthorized access, block setting to avoid application program by time setting or permission
Unreasonable access to privacy program.Through the method and system of the present invention, system can be realized based on big data and rights management
The safety of system, and the technical issues of finally guarantee application program downloading, operation and the safety of data access at the terminal,
Technological means to understand is instructed according to it after reading this description using technician in the art, and is obtained
Advantageous effects are taken, so claimed scheme belongs to the technical side on patent law purposes in the following claims
Case.In addition, because the claimed technical solution of appended claims can be made or used in industry, program tool
Standby practicability.
The above, preferable specific embodiment only of the invention, but protection scope of the present invention is not limited to
This, anyone skilled in the art in the technical scope disclosed by the present invention, the variation that can readily occur in or replaces
It changes, should all forgive within protection scope of the present invention.Unless be otherwise expressly recited, otherwise disclosed each feature is only
It is equivalent or similar characteristics a example for general series.Therefore, protection scope of the present invention should be with claims
Subject to protection scope.
Claims (10)
1. a kind of big data analysis method based on terminal, comprising:
(A) application program needed for terminal searching and send it to determining server carry out malice whether confirmation;
(B) whether the malice that terminal is obtained based on determining server according to big data to reattempt to other resources as a result, determining
Downloading or user choose whether to download or directly download the application program:
(C) terminal downloads install the application program and extract information, are sent to determining server and carry out security credential;
(D) security credential of the terminal based on determining server is determined to retain the application program in the terminal and still unload this and be answered
Use program;And
(E) after terminal determines the reservation application program, the operation of subsequent applications program, the sensitivity in access terminal or private data
Shi Jinhang rights management is to be enabled or be forbidden.
2. the big data analysis method according to claim 1 based on terminal, wherein this method further comprises following step
It is rapid:
Step S1, terminal obtain the Resource Server containing application program via application program needed for wireless network search
Title and/or IP information;
Step S2, terminal send the title of the Resource Server and/or IP information to whether determining server carries out maliciously
Confirmation;
Step S3, the result whether malice that terminal is confirmed according to determining server based on big data execute respective operations: if
Malice then blocks and the communication link of the Resource Server and continues to attempt to other Resource Servers obtained in step S1 and suitable
Secondary execution step S2 and S3, until determining server confirms that non-malicious or number of attempt reach user preset number;If non-
Malice is then chosen whether to download or directly download the application program by user;
Step S4, terminal installs the application program and extracts its information after downloading, carries out signature processing to the application program, and will
The information of extraction is sent to determining server and carries out security credential;
Step S5, terminal are answered based on the security credential of big data as a result, determining and retaining this in the terminal according to determining server
The application program is still unloaded with program;When retaining the application program, distinctive permission is assigned to the application program, and works as and unloads
Determining server is sent to update and be used for big data analysis, judgement and the data of confirmation by the information of the application program when load
Library;
Step S6 obtains its operating parameter and is analyzed when the application program executes at the terminal;
Step S7, the result based on analysis further determine that retaining the application program in the terminal still unloads the application program,
And determining server is sent to update and be used for big data analysis, judgement and the database of confirmation by the information of the application program.
3. the big data analysis method according to claim 2 based on terminal, wherein this method further comprises:
Step S8, when the privacy of user data in application requests access terminal, terminal confirms according to authority configuration table
Its access authority, and execute respective operations.
4. the big data analysis method according to claim 3 based on terminal, wherein this method further comprises:
Step S9, when terminal has new instant communication information incoming and the application requests access, terminal is based on access
It is arranged and the access of the application program is enabled or forbidden.
5. the big data analysis method according to claim 4 based on terminal, in which:
Step S1 further comprises: the browser directly installed via terminal, by inputting the title of desired application program, leads to
Search engine is crossed to scan for;Or in current non-browser application, by user's finger long-pressing screen, go out on the screen
The option of text is now selected, user passes through all or part of title of selection and highlighted application program, and screen is clicked after selected
There is the selection icon of one or more browsers and clicking the search button for choosing in the search button occurred on curtain
It selects, is scanned for after selecting corresponding browser icon.
6. the big data analysis method according to claim 4 based on terminal, in which:
Step S1 further comprises: in the instant messaging application for being embedded with browser or through user's finger long-pressing screen
And occur the option of selection text on the screen, by selecting and highlighting all or part of title of application program and after selected
It clicks the search button occurred on screen and the browser of insertion is called to scan for or pass through to select the non-browser application
In search icon and occur input frame on the screen, the browser of insertion is called by inputting desired application name
It scans for.
7. the big data analysis method according to any one of claim 5-6 based on terminal, in which:
After the application program needed for via wireless network search, obtained according to result for identifying the money containing application program
The title and/or IP address of source server.
8. the big data analysis method according to claim 7 based on terminal, in which:
Step S2 further comprises: terminal selects any one of title and/or IP information of the Resource Server or both, and
It is packaged in packet to be transmitted with fixed packet transformat, and sets request attribute for the header of packet, to be transmitted
Packet in title and/or any one of IP information or both after terminated by fixed end mark, in order to determine to take
Business device identification, sends determining server by Radio Link for the packet later, for carrying out confirmation whether malice.
9. the big data analysis method according to claim 8 based on terminal, in which:
Step S3 further comprises: determining server is internally provided with for big data analysis, confirmation and the database of judgement, should
Database purchase has the security attribute information of the application program for terminal, including malice, safe and undetermined, security attribute letter
Any in the modes such as breath is updated as time goes by, and update mode is uploaded by user, information centre notifies
It plants and carries out;Determining server receives the packet of terminal transmission, and based on preset fractionation packet rule, extracts the resource service in packet
Any one of title and/or IP information of device or both, and it is entered into the database of internal setting, to carry out information
Match, when having the occurrence for meeting safety or malice and being confirmed to be without matching to timing, by the clear and undetermined safety
The result of attribute information is packaged, and is sent to terminal via Radio Link;Terminal receives the packet and splits packet, extracts therein
Security attribute information if it is the communication link maliciously then blocked with the Resource Server, and continues to attempt to obtain in step S1
Other Resource Servers and sequentially carry out step S2 and S3, until determining server confirms that non-malicious or number of attempt reach
User preset number;It is then chosen whether to download the application program by user if it is safety: then be selected by user if it is safety
The application program whether is downloaded or directly downloads, wherein the application program is then directly downloaded if it is safety, and if it is undetermined
It is then chosen whether to download the application program by user, carries out subsequent step if downloading, if not downloading determination directly exits this
Method still continues to attempt to the other Resource Servers obtained in step S1 and sequentially carries out step S2 and S3 until determining service
Device confirmation meets the desired security attribute of user or number of attempt reaches user preset number.
10. a kind of big data analysis system based on terminal, including terminal and determining server, wherein terminal includes: processor,
Authority management module, rendering engine, message-analysis module, secret repository, conventional repository;Determining server is internally provided with
For big data analysis, confirmation and the database of judgement;The big data analysis system based on terminal is wanted for perform claim
Big data analysis method described in asking 9 based on terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910336086.8A CN110071924B (en) | 2019-04-24 | 2019-04-24 | Big data analysis method and system based on terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910336086.8A CN110071924B (en) | 2019-04-24 | 2019-04-24 | Big data analysis method and system based on terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110071924A true CN110071924A (en) | 2019-07-30 |
| CN110071924B CN110071924B (en) | 2020-07-31 |
Family
ID=67368716
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910336086.8A Active CN110071924B (en) | 2019-04-24 | 2019-04-24 | Big data analysis method and system based on terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110071924B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110801630A (en) * | 2019-11-04 | 2020-02-18 | 网易(杭州)网络有限公司 | Cheating program determining method, device, equipment and storage medium |
| CN111092993A (en) * | 2020-03-20 | 2020-05-01 | 北京热云科技有限公司 | Method and system for detecting hijacking behavior of apk file |
| CN112613035A (en) * | 2020-12-18 | 2021-04-06 | 深圳市安络科技有限公司 | Ios system-based app security detection method, device and equipment |
| CN114866532A (en) * | 2022-04-25 | 2022-08-05 | 安天科技集团股份有限公司 | Method, device, equipment and medium for uploading security check result information of endpoint file |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103019938A (en) * | 2012-12-26 | 2013-04-03 | 北京搜狐新媒体信息技术有限公司 | Method and device for locally testing application program based on cloud platform |
| CN103368987A (en) * | 2012-03-27 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | Cloud server, application program verification, certification and management system and application program verification, certification and management method |
| CN103927476A (en) * | 2014-05-07 | 2014-07-16 | 上海联彤网络通讯技术有限公司 | Intelligent system and method for achieving application program authority management |
| CN104318153A (en) * | 2014-09-30 | 2015-01-28 | 北京金和软件股份有限公司 | Online monitoring system for mobile equipment downloading mobile applications |
| CN104715196A (en) * | 2015-03-27 | 2015-06-17 | 北京奇虎科技有限公司 | Static analysis method and system of smart phone application program |
| CN104850779A (en) * | 2015-06-04 | 2015-08-19 | 北京奇虎科技有限公司 | Safe application program installing method and safe application program installing device |
| CN105095696A (en) * | 2015-06-25 | 2015-11-25 | 三星电子(中国)研发中心 | Method, system and apparatus for carrying out safety authentication on application programs |
| CN105975849A (en) * | 2016-05-04 | 2016-09-28 | 深圳市永兴元科技有限公司 | Security installation method and system of application software |
| CN106548074A (en) * | 2016-12-09 | 2017-03-29 | 江苏通付盾科技有限公司 | Application program analyzing monitoring method and system |
| CN107871080A (en) * | 2017-12-04 | 2018-04-03 | 杭州安恒信息技术有限公司 | The hybrid Android malicious code detecting methods of big data and device |
| CN107908953A (en) * | 2017-11-21 | 2018-04-13 | 广东欧珀移动通信有限公司 | Notifications service control method, device, terminal device and storage medium |
-
2019
- 2019-04-24 CN CN201910336086.8A patent/CN110071924B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103368987A (en) * | 2012-03-27 | 2013-10-23 | 百度在线网络技术(北京)有限公司 | Cloud server, application program verification, certification and management system and application program verification, certification and management method |
| CN103019938A (en) * | 2012-12-26 | 2013-04-03 | 北京搜狐新媒体信息技术有限公司 | Method and device for locally testing application program based on cloud platform |
| CN103927476A (en) * | 2014-05-07 | 2014-07-16 | 上海联彤网络通讯技术有限公司 | Intelligent system and method for achieving application program authority management |
| CN104318153A (en) * | 2014-09-30 | 2015-01-28 | 北京金和软件股份有限公司 | Online monitoring system for mobile equipment downloading mobile applications |
| CN104715196A (en) * | 2015-03-27 | 2015-06-17 | 北京奇虎科技有限公司 | Static analysis method and system of smart phone application program |
| CN104850779A (en) * | 2015-06-04 | 2015-08-19 | 北京奇虎科技有限公司 | Safe application program installing method and safe application program installing device |
| CN105095696A (en) * | 2015-06-25 | 2015-11-25 | 三星电子(中国)研发中心 | Method, system and apparatus for carrying out safety authentication on application programs |
| CN105975849A (en) * | 2016-05-04 | 2016-09-28 | 深圳市永兴元科技有限公司 | Security installation method and system of application software |
| CN106548074A (en) * | 2016-12-09 | 2017-03-29 | 江苏通付盾科技有限公司 | Application program analyzing monitoring method and system |
| CN107908953A (en) * | 2017-11-21 | 2018-04-13 | 广东欧珀移动通信有限公司 | Notifications service control method, device, terminal device and storage medium |
| CN107871080A (en) * | 2017-12-04 | 2018-04-03 | 杭州安恒信息技术有限公司 | The hybrid Android malicious code detecting methods of big data and device |
Non-Patent Citations (9)
| Title |
|---|
| 刘效伯: ""Android系统隐私泄露检测与保护研究"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 张云: ""海量 Android 应用相似性检测方法研究"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 张巍等: ""基于移动软件行为大数据挖掘的恶意软件检测技术"", 《集成技术》 * |
| 文伟平等: ""Android 恶意软件检测技术分析和应用研究"", 《通信学报》 * |
| 杨春雷等: ""基于谷歌距离的安卓恶意软件特征提取方法"", 《计算机应用与软件》 * |
| 王持恒: ""Android应用安全检测与风险评估方法研究"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 王斌: ""基于数据生命周期的Android应用程序隐私泄露分析技术研究"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 王鹏: ""Android隐私保护机制的分析与改进"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 陈学位: ""一种基于日志的分布式增量聚类算法"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110801630A (en) * | 2019-11-04 | 2020-02-18 | 网易(杭州)网络有限公司 | Cheating program determining method, device, equipment and storage medium |
| CN111092993A (en) * | 2020-03-20 | 2020-05-01 | 北京热云科技有限公司 | Method and system for detecting hijacking behavior of apk file |
| CN111092993B (en) * | 2020-03-20 | 2020-06-30 | 北京热云科技有限公司 | Method and system for detecting hijacking behavior of apk file |
| CN112613035A (en) * | 2020-12-18 | 2021-04-06 | 深圳市安络科技有限公司 | Ios system-based app security detection method, device and equipment |
| CN114866532A (en) * | 2022-04-25 | 2022-08-05 | 安天科技集团股份有限公司 | Method, device, equipment and medium for uploading security check result information of endpoint file |
| CN114866532B (en) * | 2022-04-25 | 2023-11-10 | 安天科技集团股份有限公司 | Method, device, equipment and medium for uploading security check result information of endpoint file |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110071924B (en) | 2020-07-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110046494B (en) | Big data processing method and system based on terminal | |
| CN110071924A (en) | Big data analysis method and system based on terminal | |
| EP3368973B1 (en) | Multi-layer computer security countermeasures | |
| CN104484599B (en) | A kind of behavior treating method and apparatus based on application program | |
| CN110084064A (en) | Big data analysis processing method and system based on terminal | |
| Malik et al. | CREDROID: Android malware detection by network traffic analysis | |
| CN103607385B (en) | Method and apparatus for security detection based on browser | |
| CN115733681A (en) | Data security management platform for preventing data loss | |
| CN103368904A (en) | Mobile terminal, and system and method for suspicious behavior detection and judgment | |
| WO2006080685A1 (en) | Pornograph intercept method | |
| CN103368957A (en) | Method, system, client and server for processing webpage access behavior | |
| CN109376133A (en) | File access method and file access system | |
| Rashid et al. | Discovering" unknown known" security requirements | |
| CN106778348A (en) | A kind of method and apparatus for isolating private data | |
| CN109800569A (en) | Program identification method and device | |
| CN106325993A (en) | Freezing method of application program and terminal | |
| CN108566643A (en) | APP access control methods, system, terminal device and storage medium | |
| CN104484598A (en) | Method and device for protecting safety of intelligent terminal | |
| TW201937394A (en) | System and method for program security protection | |
| CN103093147A (en) | Method and electronic device for identifying information | |
| US9584537B2 (en) | System and method for detecting mobile cyber incident | |
| CN112651039A (en) | Electric power data differentiation desensitization method and device fusing service scenes | |
| CN115552401A (en) | Fast application detection method, device, equipment and storage medium | |
| CN106919844A (en) | A kind of android system vulnerability of application program detection method | |
| Payet et al. | Ears in the wild: large-scale analysis of execution after redirect vulnerabilities |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200709 Address after: No.368, Menghu commercial and residential building, No.318, Youyi Avenue, Wuchang District, Wuhan City, Hubei Province Applicant after: Wuhan Wufang Information Service Co., Ltd Address before: 510000 A30 house 68 (1), Nanxiang Road, Whampoa District, Guangzhou, Guangdong. Applicant before: GUANGZHOU ZHIHONG TECHNOLOGY Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |