WO2019037521A1 - Security detection method, device, system, and server - Google Patents


Publication number
WO2019037521A1
WO2019037521A1 PCT/CN2018/090863 CN2018090863W WO2019037521A1 WO 2019037521 A1 WO2019037521 A1 WO 2019037521A1 CN 2018090863 W CN2018090863 W CN 2018090863W WO 2019037521 A1 WO2019037521 A1 WO 2019037521A1
Authority
WO
WIPO (PCT)
Prior art keywords
security detection
request
data
function
security
Application number
PCT/CN2018/090863
Other languages
French (fr)
Chinese (zh)
Inventor
庄乾六
张建新
Original Assignee
北京奇虎科技有限公司
Application filed by 北京奇虎科技有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Definitions

  • The present invention relates to the field of computers, and in particular to a method for security detection, a device for security detection, a system for security detection, and a server for security detection.
  • The smart mobile terminal not only provides all the functions of a traditional digital mobile terminal, but can also install various applications to meet the user's needs, such as office work, social networking, and online video viewing.
  • the open intelligent mobile operating system of the smart mobile terminal such as the Android mobile operating system
  • Many applications can be installed on an open intelligent operating system; because an open intelligent operating system is highly permissive toward applications, once a malicious application obtains the user's important information, not only is the user's private information leaked, but the user may even suffer property loss.
  • A malicious application installed on the smart mobile operating system of another user's smart mobile terminal cannot be prevented from stealing and leaking the user's private information.
  • The theft of the user's property; for example, other users steal a nearby user's wireless network information and the connection password of that wireless network through a malicious application installed on the smart mobile operating system of a smart mobile terminal.
  • An embodiment of the present invention provides a method for security detection, comprising: when a security detection request is detected, setting a security detection environment based on the security detection request; in the security detection environment, determining whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; and sending the determination result to the security detection client to inform the user of the security detection result for the function to be detected.
  • An embodiment of the present invention provides an apparatus for security detection, comprising: at least one processor; and at least one memory communicatively coupled to the at least one processor; the at least one memory includes processor-executable instructions that, when executed by the at least one processor, cause the apparatus to perform at least the following: when a security detection request is detected, setting a security detection environment based on the security detection request; in the security detection environment, determining whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; and sending the determination result to the security detection client to inform the user of the security detection result for the function to be detected.
  • An embodiment of the present invention provides a security detection system, including a security detection platform and a security detection client.
  • The security detection platform is configured to: set a security detection environment based on the security detection request when a security detection request is detected; in the security detection environment, determine whether the application to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; and send the determination result to the security detection client. The security detection client is configured to receive the determination result sent by the security detection platform and inform the user of the security detection result for the function to be detected.
  • An embodiment of the present invention provides a server for security detection, including a memory, a processor, and a computer program stored on the processor and running on the processor; the processor performs the above security detection method when executing the computer program.
  • The invention provides a computer program comprising computer-readable code which, when executed by a server, causes the method of the first aspect to be performed.
  • The invention provides a computer-readable medium storing a computer program as described in the fifth aspect.
  • When a security detection request is detected, the security detection environment is set based on the security detection request; in the security detection environment, whether the function to be detected is safe is determined by running the preset application corresponding to the function to be detected in the security detection request; and the determination result is sent to the security detection client to inform the user of the security detection result for the function to be detected, thereby effectively detecting whether an application or application function in different application scenarios is malicious to the user.
  • FIG. 1 is a schematic flow chart of a method for security detection according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of determining whether the function to be detected is safe according to a preferred embodiment of the present invention.
  • FIG. 3 is a schematic structural view of a device for security detection according to another embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a judgment module of a preferred embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a system for security detection according to still another embodiment of the present invention.
  • FIG. 6 shows a block diagram of a server for performing the method according to the invention.
  • FIG. 7 shows a schematic diagram of a memory unit for holding or carrying program code implementing a method in accordance with the present invention.
  • FIG. 1 is a schematic flow chart of a method for security detection according to an embodiment of the present invention.
  • The execution subject of this embodiment is a server.
  • Step S101: When a security detection request is detected, set the security detection environment based on the security detection request.
  • Step S102: In the security detection environment, determine whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request.
  • Step S103: Send the determination result to the security detection client to inform the user of the security detection result for the function to be detected.
  • Step S101: When a security detection request is detected, set the security detection environment based on the security detection request.
  • Setting the security detection environment based on the security detection request includes: determining the security detection environment configuration data based on the operating conditions of the function to be detected in the security detection request; and setting the security detection environment according to that configuration data.
  • When the security detection server receives the security detection request sent by the user, it parses the request and obtains the requested content and the operating conditions of the function to be detected, such as requested content: detecting the current user
  • the server's security detection environment configuration data, such as the wifi environment configuration data, is determined, and a security detection environment is set based on that configuration data; for example, the simulated mobile terminal operating environment is set to the wifi environment based on the wifi environment configuration data.
  • The operating environment of the mobile terminal is simulated by a sandbox; in this embodiment, the wifi configuration data can also be applied directly to the operating environment of a preset real device.
  • Step S102: In the security detection environment, determine whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request.
  • Step S201: In the security detection environment, run the preset application corresponding to the function to be detected, and perform simulated operations on the preset application.
  • Step S202: When the preset application sends a data request generated by any simulated operation to its corresponding target server, intercept and acquire the data request.
  • Step S203: Forward the data request to the security detection client, so that the security detection client sends the data request to the target server.
  • Step S204: Receive the feedback data information, returned by the security detection client, with which the target server responded to the data request.
  • Step S205: Determine whether the function to be detected is safe based on the returned feedback data information.
  • The step of intercepting and acquiring the data request includes: intercepting, through a hook function, the data request sent by the preset application to its corresponding target server, and acquiring the data request.
  • The step of determining whether the function to be detected is safe based on the returned feedback data information includes: determining whether the feedback data information is malicious data.
  • The wifi sharing application is run to detect whether the wifi network "XXX" application function is safe: the wifi sharing application is run through a simulated click operation and automatically searches for the wifi network "XXX". When the wifi sharing application connects to the wifi network, that is, when it sends a connection request to the server corresponding to the wifi sharing application, the security detection server, based on the interception layer set in the application programming interface, intercepts and acquires the connection request through the hook function and forwards it to the user's security detection client, so that the connection request is sent to the server of the wifi sharing application through the user's security detection client. When the server of the wifi sharing application receives the connection request, if the wifi network "XXX" has been shared by other users, the connection password of the wifi "XXX" is stored on the server of the wifi sharing application; that server returns the connection password to the security detection client, which in turn returns it to the security detection server. When the security detection server obtains the connection password, it returns the connection password to the wifi sharing application.
  • The security detection server determines that the connection password is malicious data, that is, the wifi "XXX" has been shared, and the wifi application function has a security problem.
  • The security detection environment is a simulated mobile terminal operating environment or a real mobile terminal operating environment.
  • The preset application can determine that the current operating environment is a real mobile terminal operating environment, and the preset application is therefore able to run.
  • The step of determining whether the function to be detected is safe by running the preset application corresponding to the function to be detected in the security detection request further comprises: intercepting the preset application programming interface accessed by the preset application and acquiring the intercepted data information; and determining whether the intercepted data information is malicious data.
  • The security detection server simulates clicking on the preset application so that the preset application starts running; through the interception layer set in the preset application programming interface (API), the application data obtained when the preset application calls the preset API is intercepted and acquired; the security detection server analyzes the intercepted application data to determine whether it is malicious data, and when the application data is determined to be malicious data, the security detection client notifies the user to be detected.
  • The preset application programming interface is an application programming interface that is called when the preset application may cause a loss to the user, such as an application programming interface that is called when acquiring user privacy data or user property data.
  • Step S103: Send the determination result to the security detection client to inform the user of the security detection result for the function to be detected.
  • The security detection server sends a determination result, such as the wifi network "XXX", to the user's security detection client, to inform the user that the wifi network of the mobile terminal is insecure and to prompt the user to change the password promptly.
  • The determination result may be sent to the user's security detection client.
  • FIG. 3 is a schematic structural view of a device for security detection according to another embodiment of the present invention.
  • When a security detection request is detected, the setting module 301 sets a security detection environment based on the security detection request; the determining module 302 determines, in the security detection environment, whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; the sending module 303 sends the determination result to the security detection client to inform the user of the security detection result for the function to be detected.
  • The setting module 301 sets a security detection environment based on the security detection request when the security detection request is detected.
  • The setting module 301 includes: a determining unit that determines security detection environment configuration data based on the operating conditions of the function to be detected in the security detection request; and a setting unit that sets the security detection environment according to that configuration data.
  • When the security detection server receives the security detection request sent by the user, it parses the request and obtains the requested content and the operating conditions of the function to be detected, such as requested content: detecting the current user
  • the server's security detection environment configuration data, such as the wifi environment configuration data, is determined, and the setting unit sets the security detection environment based on that configuration data; for example, the simulated mobile terminal operating environment is set to the wifi environment based on the wifi environment configuration data.
  • The operating environment of the mobile terminal is simulated by a sandbox; in this embodiment, the wifi configuration data can also be applied directly to the operating environment of a preset real device.
  • The determining module 302 determines, in the security detection environment, whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request.
  • The determining module 302 includes: a running unit 401 that, in the security detection environment, runs the preset application corresponding to the function to be detected and performs simulated operations on the preset application;
  • an intercepting unit 402 that intercepts and acquires the data request when the preset application sends a data request generated by any simulated operation to its corresponding target server;
  • a forwarding unit 403 that forwards the data request to the security detection client so that the security detection client sends the data request to the target server;
  • a receiving unit 404 that receives the feedback data information, returned by the security detection client, with which the target server responded to the data request;
  • a first determining unit 405 that determines whether the function to be detected is safe based on the returned feedback data information.
  • The intercepting unit intercepts, through the hook function, the data request sent by the preset application to its corresponding target server, and acquires the data request.
  • The first determining unit determines whether the feedback data information is malicious data.
  • The running unit 401 detects whether the wifi network "XXX" application function is safe by running the corresponding preset application installed in the set security detection environment, namely the wifi sharing application: it runs the wifi sharing application, which automatically searches for the wifi network "XXX". When the wifi sharing application connects to the wifi network, that is, when it sends a connection request to the server corresponding to the wifi sharing application, the first intercepting unit 402, based on the interception layer set in the application programming interface, intercepts and acquires the connection request through the hook function, and the forwarding unit 403 forwards the connection request to the user's security detection client.
  • The connection request is sent to the server of the wifi sharing application by the user's security detection client. When the server of the wifi sharing application receives the connection request, if the wifi network "XXX" has been shared by other users, the connection password of the wifi network "XXX" is stored on the server of the wifi sharing application; that server returns the connection password to the security detection client, which in turn returns it to the security detection server. After the receiving unit 404 receives the connection password, the connection password is returned to the wifi sharing application.
  • When the security detection server detects that the wifi sharing application can connect to the wifi network "XXX" through the connection password, the first determining unit 405 determines that the connection password is malicious data, that is, the wifi "XXX" has been shared, and the wifi application function has a security problem.
  • The security detection environment is a simulated mobile terminal operating environment or a real mobile terminal operating environment.
  • The preset application can determine that the current operating environment is a real mobile terminal operating environment, and the preset application is therefore able to run.
  • The determining module further includes: a second intercepting unit that intercepts the preset application programming interface accessed by the preset application and acquires the intercepted data information; and a second determining unit that determines whether the intercepted data information is malicious data.
  • Through the interception layer set in the preset application programming interface (API), the second intercepting unit intercepts and acquires the application data obtained when the preset application calls the preset API; the security detection server analyzes the intercepted application data, the second determining unit determines whether the application data is malicious data, and when the application data is determined to be malicious data, the security detection client informs the user that the application function to be detected has a security problem.
  • The preset application programming interface is an application programming interface that is called when the preset application may cause a loss to the user, such as an application programming interface that is called when acquiring user privacy data or user property data.
  • The sending module 303 sends the determination result to the security detection client to inform the user of the security detection result for the function to be detected.
  • The sending module 303 sends the determination result, such as the wifi network "XXX", to the user's security detection client, to inform the user that the wifi network of the mobile terminal is insecure and to prompt the user to change the password promptly.
  • The determination result may be sent to the user's security detection client.
  • FIG. 5 is a schematic structural diagram of a system for security detection according to still another embodiment of the present invention.
  • The security detection system includes a security detection platform 501 and a security detection client 502.
  • When a security detection request is detected, the security detection platform 501 sets a security detection environment based on the security detection request; in the security detection environment, it determines whether the application to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; and it sends the determination result to the security detection client 502. The security detection client 502 receives the determination result sent by the security detection platform and informs the user of the security detection result for the function to be detected.
  • When a security detection request is detected, the security detection platform 501 sets a security detection environment based on the security detection request; in the security detection environment, it determines whether the application to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; the determination result is sent to the security detection client 502.
  • The system for security detection further includes an auxiliary platform; the auxiliary platform determines the security detection environment configuration data based on the operating conditions of the function to be detected in the security detection request, and sets the security detection environment according to that configuration data.
  • When the security detection server receives the security detection request sent by the user, it parses the request and obtains the requested content and the operating conditions of the function to be detected, such as requested content: detecting the current user
  • the server's security detection environment configuration data, such as the wifi environment configuration data, is determined, and the security detection environment is set based on that configuration data; for example, the simulated mobile terminal operating environment is set to the wifi environment based on the wifi environment configuration data.
  • The operating environment of the mobile terminal is simulated by a sandbox; in this embodiment, the wifi configuration data can also be applied directly to the operating environment of a preset real device.
  • The security detection platform 501 includes an operating system platform and a forwarding platform. The operating system platform runs the preset application corresponding to the function to be detected in the security detection environment and performs simulated operations on the preset application; when the preset application sends a data request generated by any simulated operation to its corresponding target server, it intercepts and acquires the data request and sends the data request to the forwarding platform; and it determines whether the function to be detected is safe based on the feedback data information returned by the forwarding platform. The forwarding platform receives the data request sent by the operating system platform; forwards the data request to the security detection client 502, so that the security detection client 502 sends the data request to the target server; receives the feedback data information, returned by the security detection client 502, with which the target server responded to the data request; and sends the feedback data information to the operating system platform.
  • The forwarding platform includes a VPN client and a VPN server. The VPN client receives the data request sent by the operating system platform and sends it to the VPN server; it also receives the feedback data information, returned by the VPN server, with which the target server responded to the data request, and sends that feedback data information to the operating system platform. The VPN server receives the data request sent by the VPN client and sends it to the security detection client 502; it also receives the feedback data information, returned by the security detection client 502, with which the target server responded to the data request, and sends that feedback data information to the VPN client.
  • The operating system platform detects whether the wifi network "XXX" application function is safe by running the corresponding preset application installed in the set security detection environment, namely the wifi sharing application: it runs the wifi sharing application, which automatically searches for the wifi network "XXX". When the wifi sharing application connects to the wifi network, that is, when it sends a connection request to the server corresponding to the wifi sharing application, the security detection server, based on the interception layer set in the application programming interface, intercepts and acquires the connection request through the hook function and forwards the connection request to the VPN client.
  • The VPN client receives the connection request sent by the operating system platform and sends it to the VPN server.
  • The VPN server forwards the connection request to the user's security detection client 502, so that the connection request is sent to the server of the wifi sharing application by the user's security detection client 502; when the server of the wifi sharing application receives the connection request, if the wifi network "XXX" has been shared
  • connection password is returned to the wifi sharing application, and when the operating system platform detects that the wifi sharing application can connect to the wifi network "XXX" through the connection password, the operating system platform determines that the connection password is malicious data, that is, the wifi "XXX" has been shared, and the wifi application function has a security problem.
  • the security detection environment is a simulated mobile terminal operating environment or a real mobile terminal operating environment
  • the preset application program can determine that the current operating environment is a real mobile terminal operation. The environment is thus able to run the preset application.
  • the security detection platform 501 intercepts the preset application programming interface accessed by the preset application and acquires the interception data information; and determines whether the intercepted data information is malicious data.
  • when the security detection platform 501 simulates a click on the preset application so that the preset application starts running, an interception layer set at the preset application programming interface (API) intercepts and acquires the application data that the preset application obtains when it calls the preset API;
  • the security detection platform 501 analyzes the intercepted application data to determine whether the application data is malicious data, and when the application data is determined to be malicious data, the security detection client 502 notifies the user that the application function to be detected has a security problem.
  • the preset application programming interface is an application programming interface that is called when the preset application may cause a loss to the user, such as an application programming interface that is called when acquiring user privacy data or user property data.
  • the security detection client 502 receives the judgment result sent by the security detection platform, and informs the user of the security detection result of the security detection function.
  • the security detection platform 501 sends the determination result, for example that the wifi network "XXX" has a security problem, to the security detection client 502 of the user, and the security detection client 502 informs the user that the wifi network of the mobile terminal has a security problem and prompts the user to change the password promptly.
  • the determination result may be sent to the security detection client 502 of the user.
  • Still another embodiment of the present invention provides a server for security detection, comprising a memory, a processor, and a computer program stored in the memory and running on the processor; the processor implements the above method for security detection when it executes the computer program. Since these technical solutions have been clearly explained in the above embodiments, they will not be described again here.
  • Fig. 6 shows a server (hereinafter collectively referred to as a server) that can implement security detection according to the present invention.
  • the server conventionally includes a processor 610 and a computer program product or computer readable medium in the form of a memory 620.
  • the memory 620 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, a hard disk, or a ROM.
  • Memory 620 has a memory space 630 for program code 631 for performing any of the method steps described above.
  • storage space 630 for program code may include various program code 631 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • Such computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG.
  • the storage unit may have a storage section or a storage space or the like arranged similarly to the memory 620 in FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit comprises program code 631' for performing the steps of the method according to the invention, i.e. code that can be read by a processor such as 610 and which, when run by the server, causes the server to execute each step in the methods described above.
  • the present invention includes apparatus related to performing one or more of the operations described herein. These devices may be specially designed and manufactured for the required purposes, or may also include known devices in a general purpose computer. These devices have computer programs stored therein that are selectively activated or reconfigured.
  • Such computer programs may be stored in a device-readable (e.g., computer-readable) medium or in any type of medium suitable for storing electronic instructions and coupled to a bus, including but not limited to any type of disk (including floppy disks, hard disks, optical disks, CD-ROMs, and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic cards or optical cards.
  • a readable medium includes any medium in which information is stored or transmitted in a form readable by a device (e.g., a computer).
  • each block of the structure diagrams and/or block diagrams and/or flow diagrams, and combinations of blocks in those diagrams, can be implemented by computer program instructions.
  • these computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, or another programmable data processing device, so that they are executed by the processor of the computer or other programmable data processing device.
  • steps, measures, and solutions in the various operations, methods, and processes that have been discussed in the present invention may be alternated, changed, combined, or deleted. Further, other steps, measures, and schemes of the various operations, methods, and processes that have been discussed in the present invention may be alternated, modified, rearranged, decomposed, combined, or deleted. Further, the steps, measures, and solutions in the various operations, methods, and processes disclosed in the present invention may be alternated, modified, rearranged, decomposed, combined, or deleted.

Abstract

The present invention provides a security detection method, device, system, and server. The method comprises: upon detection of a security detection request, configuring a security detection environment on the basis of the security detection request; in the security detection environment, determining, by running a preset application program in the security detection request corresponding to a function on which security detection is to be performed, whether the function on which security detection is to be performed is secure; and sending the determination result to a security detection client, to inform a user of the security detection result concerning the function. The present technical solution effectively detects whether an application program or an application function under different application scenarios will cause a malicious behavior to a user or has insecure factors, to prevent the application program or the application function from stealing or leaking property data and privacy data of the user, resulting in user privacy insecurity and property damage.

Description

Method, device, system and server for security detection
Technical field
The present invention relates to the field of computers, and in particular to a method for security detection, a device for security detection, a system for security detection, and a server for security detection.
Background art
With the development of information technology, traditional digital mobile terminals are gradually being replaced by smart mobile terminals. A smart mobile terminal not only provides all the functions of a traditional digital mobile terminal, but can also meet users' various needs, such as office work, social networking and online video viewing, through the installation of various applications.
Because smart mobile terminals run open smart mobile operating systems, such as the Android mobile operating system, many applications are allowed to be installed on them. Because an open smart operating system is highly permissive toward applications, once a user's important information is obtained by a malicious application, the result is not only a leak of the user's private information but possibly also a loss of the user's property. Moreover, even if no malicious application is installed on the smart mobile operating system of the user's own smart mobile terminal, malicious applications installed on the smart mobile operating systems of other users' smart mobile terminals cannot be prevented from stealing and leaking this user's private information or stealing this user's property; for example, another user may use a malicious application installed on the smart mobile operating system of their smart mobile terminal to steal a nearby user's wireless network information and the connection password of that wireless network.
In the prior art, because of the permission restrictions of smart mobile operating systems, there is currently no particularly effective method for performing security detection on malicious applications, on the user's own or other users' smart mobile terminals, that cause loss to the user; how to perform security detection on such malicious applications is the key to solving the above problem.
Summary of the invention
To overcome the above technical problems, or at least partially solve them, the following technical solutions are proposed:
In a first aspect, an embodiment of the present invention provides a method for security detection, comprising: when a security detection request is detected, setting a security detection environment based on the security detection request; in the security detection environment, determining whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; and sending the determination result to a security detection client to inform the user of the security detection result for the function to be detected.
In a second aspect, an embodiment of the present invention provides a device for security detection, comprising: at least one processor; and at least one memory communicatively connected to the at least one processor; the at least one memory contains processor-executable instructions which, when executed by the at least one processor, cause the device to perform at least the following operations: when a security detection request is detected, setting a security detection environment based on the security detection request; in the security detection environment, determining whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; and sending the determination result to a security detection client to inform the user of the security detection result for the function to be detected.
In a third aspect, an embodiment of the present invention provides a system for security detection, comprising a security detection platform and a security detection client. The security detection platform is configured to: set a security detection environment based on a security detection request when the request is detected; determine, in the security detection environment, whether the application to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; and send the determination result to the security detection client. The security detection client is configured to receive the determination result sent by the security detection platform and inform the user of the security detection result for the function to be detected.
In a fourth aspect, an embodiment of the present invention provides a server for security detection, comprising a memory, a processor, and a computer program stored in the memory and running on the processor; the processor implements the above method for security detection when it executes the computer program.
In a fifth aspect, the present invention provides a computer program comprising computer-readable code which, when run by a server, causes the method of the first aspect to be performed.
In a sixth aspect, the present invention provides a computer-readable medium storing the computer program of the fifth aspect.
In the technical solution of the present invention, when a security detection request is detected, a security detection environment is set based on the request; in that environment, whether the function to be detected is safe is determined by running a preset application corresponding to the function to be detected in the request; and the determination result is sent to the security detection client to inform the user of the security detection result for that function. This effectively detects whether an application or application function in different application scenarios behaves maliciously toward the user or has security weaknesses, so as to prevent applications or application functions from stealing and leaking the user's property data and private data, which would cause privacy problems and property loss for the user. At the same time, because the user learns promptly that an application or application function has malicious behaviour or security weaknesses, malicious applications can be removed and insecure application functions eliminated as early as possible, ensuring that the user has a secure application environment and secure application functions.
Additional aspects and advantages of the present invention will be set forth in part in the description that follows, and will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a schematic flowchart of a method for security detection according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of determining whether the function to be detected is safe according to a preferred embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a device for security detection according to another embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a judgment module according to a preferred embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a system for security detection according to still another embodiment of the present invention;
FIG. 6 shows a block diagram of a server for performing the method according to the present invention; and
FIG. 7 shows a schematic diagram of a storage unit for holding or carrying program code that implements the method according to the present invention.
Detailed description
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the present invention and are not to be construed as limiting it.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should be further understood that the word "comprising" used in the specification of the present invention means that the stated features, integers, steps, operations, elements and/or components are present, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or intervening elements may be present. In addition, "connected" or "coupled" as used herein may include a wireless connection or wireless coupling. The phrase "and/or" as used herein includes all or any unit and all combinations of one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, are not to be interpreted in an idealized or overly formal sense.
FIG. 1 is a schematic flowchart of a method for security detection according to an embodiment of the present invention.
It should be noted that the execution subject of this embodiment is a server.
Step S101: when a security detection request is detected, set a security detection environment based on the security detection request; Step S102: in the security detection environment, determine whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; Step S103: send the determination result to the security detection client to inform the user of the security detection result for the function to be detected.
In the technical solution of the present invention, when a security detection request is detected, a security detection environment is set based on the request; in that environment, whether the function to be detected is safe is determined by running a preset application corresponding to the function to be detected in the request; and the determination result is sent to the security detection client to inform the user of the security detection result for that function. This effectively detects whether an application or application function in different application scenarios behaves maliciously toward the user or has security weaknesses, so as to prevent applications or application functions from stealing and leaking the user's property data and private data, which would cause privacy problems and property loss for the user. At the same time, because the user learns promptly that an application or application function has malicious behaviour or security weaknesses, malicious applications can be removed and insecure application functions eliminated as early as possible, ensuring that the user has a secure application environment and secure application functions.
The specific implementation of each step is further described below:
Step S101: when a security detection request is detected, set a security detection environment based on the security detection request.
Specifically, setting the security detection environment based on the security detection request includes: determining security detection environment configuration data based on the operating conditions of the function to be detected in the security detection request; and setting the security detection environment according to the security detection configuration data.
For example, when the security detection server receives a security detection request sent by a user, it parses the request and obtains the request content and the operating conditions of the function to be detected. Here the request content is: check the security of the application function of the wifi signal of the user's current smart mobile terminal; and the operating conditions of the function to be detected are the wifi environment, such as the wifi name "XXX", the IP address, and so on. Based on the operating conditions of the function to be detected in the request, the server determines the security detection environment configuration data, such as wifi environment configuration data, and sets the security detection environment based on that configuration data, for example by placing the simulated mobile terminal operating environment into that wifi environment based on the wifi environment configuration data.
It should be noted that in this embodiment the mobile terminal operating environment is simulated by a sandbox; in this embodiment the wifi configuration data can also be set directly in the operating environment of a preset real machine.
Step S102: in the security detection environment, determine whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request.
Specifically, as shown in FIG. 2, determining in the security detection environment whether the function to be detected is safe by running the corresponding preset application includes: Step S201: in the security detection environment, run the preset application corresponding to the function to be detected, and perform simulated operations on the preset application; Step S202: when the preset application sends its corresponding target server a data request generated by any simulated operation, intercept and acquire the data request; Step S203: forward the data request to the security detection client, so that the security detection client sends the data request to the target server; Step S204: receive, via the security detection client, the feedback data information with which the target server responds to the data request; Step S205: based on the returned feedback data information, determine whether the function to be detected is safe.
The step of intercepting and acquiring the data request includes: using a hook function to intercept the data request that the preset application sends to its corresponding target server, and acquiring that data request.
The step of determining, based on the returned feedback data information, whether the function to be detected is safe includes: determining whether the feedback data information is malicious data.
For example, in the configured security detection environment, whether the application function of the wifi network "XXX" is safe is detected by running the corresponding preset application installed in that environment, namely a wifi sharing application. The wifi sharing application is run by a simulated click operation and automatically finds the wifi network "XXX". When the wifi sharing application connects to the wifi network, that is, when it sends a connection request to its corresponding server, the security detection server intercepts and acquires the connection request through a hook function, based on the interception layer set at the application programming interface, and forwards the connection request to the user's security detection client, so that the connection request is sent to the server of the wifi sharing application through the user's security detection client. When the server of the wifi sharing application receives the connection request, if the wifi network "XXX" has been shared by other users, the server of the wifi sharing application holds the connection password of the wifi network "XXX"; it returns the connection password to the security detection client, which returns it to the security detection server. After the security detection server obtains the connection password, it returns the connection password to the wifi sharing application. When the security detection server detects that the wifi sharing application can connect to the wifi network "XXX" using that connection password, the security detection server determines that the connection password is malicious data, that is, the wifi "XXX" has been shared and the wifi application function has a security problem.
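The exchange in the wifi example above, as an added simulation that is not part of the patent text: a hook at the application's network API intercepts the request (S202), the detection client relays it to the target server and hands back the feedback (S203, S204), and the verdict follows the criterion that the returned password actually joins the network (S205). All class names, the host `sharing.example` and the passwords are constructed for illustration.

```python
"""Simulation of steps S201-S205. Every class and name here is hypothetical."""
from dataclasses import dataclass


@dataclass(frozen=True)
class DataRequest:
    target: str   # server the preset application is trying to reach
    action: str
    ssid: str


class WifiEnvironment:
    """Wi-Fi conditions configured into the detection environment (S101)."""
    def __init__(self, ssid, password):
        self.ssid, self._password = ssid, password

    def join(self, ssid, password):
        return ssid == self.ssid and password == self._password


class SharingAppServer:
    """Stand-in for the sharing application's own server (constructed data)."""
    def __init__(self, shared):
        self._shared = dict(shared)   # ssid -> password uploaded by other users

    def handle(self, req):
        return {"ssid": req.ssid, "password": self._shared.get(req.ssid)}


class DetectionClient:
    """Runs on the user's terminal and relays requests to the target server."""
    def __init__(self, servers):
        self._servers = servers
        self.relayed = []

    def relay(self, req):
        self.relayed.append(req)
        return self._servers[req.target].handle(req)


class NetworkApi:
    """API the preset application calls to reach its server."""
    def send(self, req):
        raise ConnectionError("no direct route from the sandbox to " + req.target)


class PresetApp:
    """Preset Wi-Fi sharing application run inside the detection environment."""
    SERVER = "sharing.example"

    def __init__(self, api, wifi):
        self.api, self.wifi = api, wifi

    def connect(self, ssid):
        reply = self.api.send(DataRequest(self.SERVER, "connect", ssid))
        password = reply.get("password")
        # The app tries the returned password against the network under test.
        return password is not None and self.wifi.join(ssid, password)


@dataclass(frozen=True)
class Verdict:
    ssid: str
    insecure: bool
    reason: str


class DetectionServer:
    def __init__(self, client):
        self.client = client
        self.intercepted = []

    def _hook(self, req):
        self.intercepted.append(req)      # S202: intercept and acquire
        return self.client.relay(req)     # S203: forward; S204: feedback returned

    def check_wifi(self, wifi):
        api = NetworkApi()
        api.send = self._hook             # interception layer set at the API
        try:
            joined = PresetApp(api, wifi).connect(wifi.ssid)   # S201
        finally:
            del api.send                  # remove the hook again
        # S205: only a password that really joins the network counts as malicious data.
        if joined:
            return Verdict(wifi.ssid, True, "returned password joins the network")
        return Verdict(wifi.ssid, False, "no working password was returned")


def run_demo():
    servers = {PresetApp.SERVER: SharingAppServer({"XXX": "constructed-pass"})}
    server = DetectionServer(DetectionClient(servers))
    return [server.check_wifi(WifiEnvironment("XXX", "constructed-pass")),
            server.check_wifi(WifiEnvironment("YYY", "other-pass"))]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

A stale password held by the sharing server (one that no longer joins the network) yields a not-insecure verdict here, because the criterion in the text is a successful connection, not the mere presence of a password in the reply.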
It should be noted that in this embodiment, because the security detection environment is a simulated mobile terminal operating environment or a real mobile terminal operating environment, the preset application judges the current operating environment to be a real mobile terminal operating environment, and the preset application can therefore be run.
Specifically, the step of determining, in the security detection environment, whether the function to be detected is safe by running the preset application corresponding to that function further includes: intercepting the preset application programming interfaces accessed by the preset application and acquiring the intercepted data information; and determining whether the intercepted data information is malicious data.
For example, when the security detection server simulates a click on the preset application so that the preset application starts running, an interception layer set at the preset application programming interface (API) intercepts and acquires the application data that the preset application obtains when it calls the preset API; the security detection server analyzes the intercepted application data to determine whether it is malicious data, and when the application data is determined to be malicious data, informs the user through the security detection client that the application function to be detected has a security problem.
It should be noted that a preset application programming interface is an application programming interface that the preset application calls when it may cause loss to the user, such as an application programming interface called when obtaining the user's private data or the user's property data.
Step S103: send the determination result to the security detection client to inform the user of the security detection result for the function to be detected.
Specifically, the security detection server sends the determination result, for example that the wifi network "XXX" has a security problem, to the user's security detection client, to inform the user that the wifi network of their mobile terminal has a security problem and to prompt them to change the password promptly.
It should be noted that in this embodiment, if the determination result is that the function to be detected has no security problem, that result may also be sent to the user's security detection client.
FIG. 3 is a schematic structural diagram of a device for security detection according to another embodiment of the present invention.
A setting module 301 sets a security detection environment based on a security detection request when the request is detected; a judgment module 302 determines, in the security detection environment, whether the function to be detected is safe by running a preset application corresponding to the function to be detected in the security detection request; a sending module 303 sends the determination result to the security detection client to inform the user of the security detection result for the function to be detected.
以下针对各个模块的具体实现做进一步的说明:The following is a further description of the specific implementation of each module:
设置模块301,当检测到安全检测请求,基于安全检测请求设置安全检测环境。The setting module 301 sets a security detection environment based on the security detection request when the security detection request is detected.
具体地,设置模块301包括:确定单元,基于安全检测请求中待安全检测功能的运行条件,确定安全检测环境配置数据;设置单元,根据安全检测配置数据,设置安全检测环境。Specifically, the setting module 301 includes: a determining unit that determines security detection environment configuration data based on an operating condition of the security detection function in the security detection request; and a setting unit that sets the security detection environment according to the security detection configuration data.
For example, when the security detection server receives a security detection request sent by a user, it parses the request and obtains the request content and the operating conditions of the function under security detection. The request content is, for example, checking the security of the wifi-signal application function of the user's current smart mobile terminal; the operating conditions are, for example, the wifi environment, such as the wifi name "XXX", the IP address, and so on. The determining unit determines the server's security detection environment configuration data, such as wifi environment configuration data, based on the operating conditions of the function under security detection in the request, and the setting unit sets the security detection environment based on that configuration data, for example by placing the simulated mobile terminal operating environment into that wifi environment based on the wifi environment configuration data.
It should be noted that, in this embodiment, the mobile terminal operating environment is simulated by a sandbox; in this embodiment the wifi configuration data may also be set directly into the operating environment of a preset real machine.
The determining module 302, in the security detection environment, determines whether the function under security detection is secure by running the preset application corresponding to the function under security detection in the security detection request.
Specifically, as shown in FIG. 4, the determining module 302 includes: a running unit 401, which, in the security detection environment, runs the preset application corresponding to the function under security detection and performs simulated operations on the preset application; a first intercepting unit 402, which intercepts and obtains the data request when the preset application sends a data request generated by any simulated operation to its corresponding target service; a forwarding unit 403, which forwards the data request to the security detection client so that the security detection client sends the data request to the target server; a receiving unit 404, which receives, via the security detection client, the feedback data information that the target server returns in response to the data request; and a first determining unit 405, which determines whether the function under security detection is secure based on the returned feedback data information.
The intercepting unit uses a hook function to intercept the data request sent by the preset application to its corresponding target service, and obtains the data request.
The first determining unit determines whether the feedback data information is malicious data.
For example, in the configured security detection environment, the running unit 401 checks whether the application function of the wifi network "XXX" is secure by running the corresponding preset application installed in the security detection environment, here a wifi sharing application. The wifi sharing application is run through simulated click operations and automatically finds the wifi network "XXX". When the wifi sharing application connects to that wifi network, that is, when it sends a connection request to its corresponding server, the first intercepting unit 402, based on the interception layer set at the application programming interface, intercepts and obtains the connection request through a hook function, and the forwarding unit 403 forwards the connection request to the user's security detection client, so that the connection request is sent to the wifi sharing application's server through the user's security detection client. When the wifi sharing application's server receives the connection request, if the wifi network "XXX" has been shared by another user, the server stores the connection password of the wifi network "XXX"; the server returns the connection password to the security detection client, which returns it to the security detection server. After the receiving unit 404 receives the connection password, it returns the connection password to the wifi sharing application. When the security detection server detects that the wifi sharing application can connect to the wifi network "XXX" with that connection password, the first determining unit 405 determines that the connection password is malicious data, that is, the wifi "XXX" has been shared and the wifi application function has a security problem.
It should be noted that, in this embodiment, because the security detection environment is either a simulated mobile terminal operating environment or a real mobile terminal operating environment, the preset application concludes that its current operating environment is a real mobile terminal operating environment, and can therefore be run.
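The hook, relay and judgment flow described above for units 401 to 405, as an added Python sketch that is not code from the patent or its applicant. All class and function names, the sample passwords and the `try_connect` check (the page does not say how the connection attempt is verified) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class DataRequest:
    action: str
    ssid: str


@dataclass(frozen=True)
class Feedback:
    ssid: str
    password: Optional[str]  # None: the sharing server holds no password


class SharingServer:
    """Stand-in for the wifi sharing application's target server (constructed data)."""

    def __init__(self, shared_passwords: Dict[str, str]):
        self._shared = dict(shared_passwords)

    def handle(self, req: DataRequest) -> Feedback:
        return Feedback(req.ssid, self._shared.get(req.ssid))


class DetectionClient:
    """Runs on the user's terminal: relays requests and receives the verdict."""

    def __init__(self, server: SharingServer):
        self._server = server
        self.notifications: List[dict] = []

    def relay(self, req: DataRequest) -> Feedback:
        # The request reaches the target server from the user's side.
        return self._server.handle(req)

    def notify(self, result: dict) -> None:
        self.notifications.append(result)


class SandboxWifi:
    """Detection environment set up from the request's operating conditions.
    Assumption: the connection attempt is modelled as a password comparison."""

    def __init__(self, ssid: str, current_password: str):
        self.ssid, self._password = ssid, current_password

    def try_connect(self, ssid: str, password: str) -> bool:
        return ssid == self.ssid and password == self._password


class PresetApp:
    """Stand-in for the preset wifi sharing application run in the sandbox."""

    def __init__(self, send: Callable[[DataRequest], Feedback]):
        self.send = send  # network call that the hook replaces

    def connect(self, ssid: str, wifi: SandboxWifi) -> bool:
        fb = self.send(DataRequest("connect", ssid))
        return fb.password is not None and wifi.try_connect(ssid, fb.password)


def no_direct_egress(req: DataRequest) -> Feedback:
    raise RuntimeError("sandbox has no direct route to the target server")


def install_hook(app: PresetApp, forward: Callable[[DataRequest], Feedback]):
    """Interception layer: record each outgoing request, then forward it."""
    intercepted: List[DataRequest] = []

    def hooked(req: DataRequest) -> Feedback:
        intercepted.append(req)
        return forward(req)

    app.send = hooked
    return intercepted


def run_detection(ssid: str, wifi: SandboxWifi, client: DetectionClient) -> dict:
    app = PresetApp(no_direct_egress)
    intercepted = install_hook(app, client.relay)
    connected = app.connect(ssid, wifi)  # the simulated click on "connect"
    # A returned password that really connects means the network was shared.
    result = {"ssid": ssid, "intercepted": len(intercepted), "insecure": connected}
    client.notify(result)
    return result


if __name__ == "__main__":
    wifi = SandboxWifi("XXX", "constructed-pass-1")
    cases = {
        "shared": {"XXX": "constructed-pass-1"},
        "stale entry": {"XXX": "constructed-old-pass"},
        "not shared": {},
    }
    for label, shared in cases.items():
        client = DetectionClient(SharingServer(shared))
        print(label, run_detection("XXX", wifi, client))
```

The stale-entry case shows why the judgment rests on the connection succeeding rather than on a password merely being returned.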
Specifically, the determining module further includes: a second intercepting unit, which intercepts the preset application programming interface accessed by the preset application and obtains the intercepted data information; and a second determining unit, which determines whether the intercepted data information is malicious data.
For example, when the security detection server simulates a click on the preset application so that the preset application starts running, the second intercepting unit, through an interception layer set at the preset application programming interface (API), intercepts and obtains the application data that the preset application acquires when it calls the preset API. The security detection server analyzes the intercepted application data, and the second determining unit determines whether the application data is malicious data; when the application data is determined to be malicious data, the user is informed through the security detection client that the application function under detection has a security problem.
It should be noted that a preset application programming interface is an API that the preset application calls when it may cause a loss to the user, such as an API called when user privacy data or user property data is acquired.
The sending module 303 sends the determination result to the security detection client to inform the user of the security detection result for the function under security detection.
Specifically, the sending module 303 sends the determination result, for example that the wifi network "XXX" has a security problem, to the user's security detection client, to inform the user that the wifi network of their mobile terminal has a security problem and to prompt them to change the password promptly.
It should be noted that, in this embodiment, if the determination result is that the function under security detection has no security problem, that result may also be sent to the user's security detection client.
FIG. 5 is a schematic structural diagram of a security detection system according to still another embodiment of the present invention.
The security detection system includes a security detection platform 501 and a security detection client 502. The security detection platform 501, when a security detection request is detected, sets a security detection environment based on the security detection request; in the security detection environment, it determines whether the application under security detection is secure by running the preset application corresponding to the function under security detection in the security detection request; and it sends the determination result to the security detection client 502. The security detection client 502 receives the determination result sent by the security detection platform and informs the user of the security detection result for the function under security detection.
The specific implementation of each system component is described further below:
The security detection platform 501, when a security detection request is detected, sets a security detection environment based on the security detection request; in the security detection environment, it determines whether the application under security detection is secure by running the preset application corresponding to the function under security detection in the security detection request; and it sends the determination result to the security detection client 502.
Specifically, the security detection system further includes an auxiliary platform; the auxiliary platform determines security detection environment configuration data based on the operating conditions of the function under security detection in the security detection request, and sets the security detection environment according to the security detection configuration data.
For example, when the security detection server receives a security detection request sent by a user, it parses the request and obtains the request content and the operating conditions of the function under security detection. The request content is, for example, checking the security of the wifi-signal application function of the user's current smart mobile terminal; the operating conditions are, for example, the wifi environment, such as the wifi name "XXX", the IP address, and so on. The auxiliary platform determines the server's security detection environment configuration data, such as wifi environment configuration data, based on the operating conditions of the function under security detection in the request, and sets the security detection environment based on that configuration data, for example by placing the simulated mobile terminal operating environment into that wifi environment based on the wifi environment configuration data.
It should be noted that, in this embodiment, the mobile terminal operating environment is simulated by a sandbox; in this embodiment the wifi configuration data may also be set directly into the operating environment of a preset real machine.
Specifically, the security detection platform 501 includes an operating system platform and a forwarding platform. The operating system platform, in the security detection environment, runs the preset application corresponding to the function under security detection and performs simulated operations on the preset application; when the preset application sends a data request generated by any simulated operation to its corresponding target service, it intercepts and obtains the data request and sends the data request to the forwarding platform; and, based on the feedback data information returned by the forwarding platform, it determines whether the function under security detection is secure. The forwarding platform receives the data request sent by the operating system platform; forwards the data request to the security detection client 502 so that the security detection client 502 sends the data request to the target server; receives, via the security detection client 502, the feedback data information that the target server returns in response to the data request; and sends the feedback data information to the operating system platform.
The forwarding platform includes a VPN client and a VPN server. The VPN client receives the data request sent by the operating system platform and sends it to the VPN server; it receives, via the VPN server, the feedback data information that the target server returns in response to the data request, and sends the feedback data information to the operating system platform. The VPN server receives the data request sent by the VPN client and sends it to the security detection client 502; it receives, via the security detection client 502, the feedback data information that the target server returns in response to the data request, and sends the feedback data information to the VPN client.
For example, in the configured security detection environment, the operating system platform checks whether the application function of the wifi network "XXX" is secure by running the corresponding preset application installed in the security detection environment, here a wifi sharing application. The wifi sharing application is run through simulated click operations and automatically finds the wifi network "XXX". When the wifi sharing application connects to that wifi network, that is, when it sends a connection request to its corresponding server, the security detection server, based on the interception layer set at the application programming interface, intercepts and obtains the connection request through a hook function and forwards it to the VPN client. The VPN client receives the connection request sent by the operating system platform and sends it to the VPN server; the VPN server forwards the connection request to the user's security detection client 502, so that the connection request is sent to the wifi sharing application's server through the user's security detection client 502. When the wifi sharing application's server receives the connection request, if the wifi network "XXX" has been shared by another user, the server stores the connection password of the wifi network "XXX"; the server returns the connection password to the security detection client 502, which returns it to the VPN server; the VPN server returns the connection password to the VPN client; and the VPN client returns the connection password to the operating system platform. After the operating system platform obtains the connection password, it returns the connection password to the wifi sharing application. When the operating system platform detects that the wifi sharing application can connect to the wifi network "XXX" with that connection password, the operating system platform determines that the connection password is malicious data, that is, the wifi "XXX" has been shared and the wifi application function has a security problem.
It should be noted that, in this embodiment, because the security detection environment is either a simulated mobile terminal operating environment or a real mobile terminal operating environment, the preset application concludes that its current operating environment is a real mobile terminal operating environment, and can therefore be run.
Specifically, the security detection platform 501 intercepts the preset application programming interface accessed by the preset application and obtains the intercepted data information, and determines whether the intercepted data information is malicious data.
For example, when the security detection platform 501 simulates a click on the preset application so that the preset application starts running, it uses an interception layer set at the preset application programming interface (API) to intercept and obtain the application data that the preset application acquires when it calls the preset API. The security detection platform 501 analyzes the intercepted application data and determines whether the application data is malicious data; when the application data is determined to be malicious data, the user is informed through the security detection client 502 that the application function under detection has a security problem.
It should be noted that a preset application programming interface is an API that the preset application calls when it may cause a loss to the user, such as an API called when user privacy data or user property data is acquired.
The security detection client 502 receives the determination result sent by the security detection platform and informs the user of the security detection result for the function under security detection.
Specifically, the security detection platform 501 sends the determination result, for example that the wifi network "XXX" has a security problem, to the user's security detection client 502; the security detection client 502 informs the user that the wifi network of their mobile terminal has a security problem and prompts them to change the password promptly.
It should be noted that, in this embodiment, if the determination result is that the function under security detection has no security problem, that result may also be sent to the user's security detection client 502.
Still another embodiment of the present invention provides a security detection server, including a memory, a processor, and a computer program stored in the memory and run on the processor; the processor implements the security detection method described above when it executes the computer program. Since these technical solutions have been clearly explained in the above embodiments, they are not described again here.
FIG. 6 shows a server that can implement security detection according to the present invention (hereinafter referred to as the server). The server conventionally includes a processor 610 and a computer program product or computer-readable medium in the form of a memory 620. The memory 620 may be an electronic memory such as flash memory, EEPROM (electrically erasable programmable read-only memory), EPROM, a hard disk, or ROM. The memory 620 has a storage space 630 for program code 631 for performing any of the method steps described above. For example, the storage space 630 for program code may include individual program codes 631, each implementing one of the steps of the above method. The program code can be read from or written to one or more computer program products. These computer program products include program code carriers such as hard disks, compact discs (CDs), memory cards, or floppy disks. Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG. 7. The storage unit may have storage segments, storage space, and the like arranged similarly to the memory 620 in FIG. 6. The program code may, for example, be compressed in an appropriate form. Typically, the storage unit includes program code 631' for performing the method steps according to the present invention, that is, code that can be read by a processor such as 610 and that, when run by the server, causes the server to perform the steps of the method described above.
Those skilled in the art will appreciate that the present invention covers devices for performing one or more of the operations described in this application. These devices may be specially designed and manufactured for the required purposes, or may include known devices in a general-purpose computer. These devices have computer programs stored in them that are selectively activated or reconfigured. Such computer programs may be stored in a device-readable (for example, computer-readable) medium or in any type of medium suitable for storing electronic instructions and coupled to a bus, including but not limited to any type of disk (including floppy disks, hard disks, optical discs, CD-ROMs, and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic cards, or optical cards. That is, a readable medium includes any medium in which a device (for example, a computer) stores or transmits information in a readable form.
Those skilled in the art will appreciate that computer program instructions can be used to implement each block of these structural diagrams and/or block diagrams and/or flow diagrams, as well as combinations of blocks in them. Those skilled in the art will appreciate that these computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, or another programmable data processing method, so that the processor of the computer or other programmable data processing method carries out the scheme specified in the block or blocks of the structural diagrams and/or block diagrams and/or flow diagrams disclosed in the present invention.
Those skilled in the art will appreciate that the steps, measures, and solutions in the various operations, methods, and processes discussed in the present invention may be alternated, changed, combined, or deleted. Further, other steps, measures, and solutions in the various operations, methods, and processes discussed in the present invention may also be alternated, changed, rearranged, decomposed, combined, or deleted. Further, prior-art steps, measures, and solutions in the various operations, methods, and processes disclosed in the present invention may also be alternated, changed, rearranged, decomposed, combined, or deleted.
The above describes only some embodiments of the present invention. It should be noted that those of ordinary skill in the art can make a number of improvements and refinements without departing from the principles of the present invention, and these improvements and refinements should also be regarded as falling within the scope of protection of the present invention.

Claims (19)

  1. A security detection method, comprising:
    when a security detection request is detected, setting a security detection environment based on the security detection request;
    in the security detection environment, determining whether the function under security detection is secure by running a preset application corresponding to the function under security detection in the security detection request;
    sending the determination result to a security detection client to inform the user of the security detection result for the function under security detection.
  2. The method according to claim 1, wherein setting the security detection environment based on the security detection request comprises:
    determining security detection environment configuration data based on the operating conditions of the function under security detection in the security detection request;
    setting the security detection environment according to the security detection configuration data.
  3. The method according to claim 1 or 2, wherein, in the security detection environment, determining whether the function under security detection is secure by running the preset application corresponding to the function under security detection in the security detection request comprises:
    in the security detection environment, running the preset application corresponding to the function under security detection, and performing simulated operations on the preset application;
    when the preset application sends a data request generated by any simulated operation to its corresponding target server, intercepting and obtaining the data request;
    forwarding the data request to the security detection client, so that the security detection client sends the data request to the target server;
    receiving, via the security detection client, feedback data information that the target server returns in response to the data request;
    determining, based on the returned feedback data information, whether the function under security detection is secure.
  4. The method according to claim 3, wherein the step of intercepting and obtaining the data request comprises:
    intercepting, through a hook function, the data request sent by the preset application to its corresponding target server, and obtaining the data request.
  5. The method according to claim 3, wherein the step of determining, based on the returned feedback data information, whether the function under security detection is secure comprises:
    determining whether the feedback data information is malicious data.
  6. The method according to claim 3, wherein the step of determining, in the security detection environment, whether the function under security detection is secure by running the preset application corresponding to the function under security detection in the security detection request further comprises:
    intercepting a preset application programming interface accessed by the preset application and obtaining intercepted data information;
    determining whether the intercepted data information is malicious data.
  7. A security detection apparatus, comprising:
    at least one processor;
    and at least one memory communicatively connected to the at least one processor; the at least one memory comprising processor-executable instructions which, when executed by the at least one processor, cause the apparatus to perform at least the following operations:
    when a security detection request is detected, setting up a security detection environment based on the security detection request;
    in the security detection environment, determining whether the function under security detection is safe by running a preset application corresponding to the function under security detection in the security detection request;
    sending the determination result to a security detection client, so as to inform the user of the security detection result for the function under security detection.
  8. The apparatus according to claim 7, wherein the operation of setting up a security detection environment based on the security detection request comprises:
    determining security detection environment configuration data based on the operating conditions of the function under security detection in the security detection request;
    setting up the security detection environment according to the security detection configuration data.
  9. The apparatus according to claim 7 or 8, wherein the operation of determining, in the security detection environment, whether the function under security detection is safe by running the preset application corresponding to the function under security detection in the security detection request comprises:
    in the security detection environment, running the preset application corresponding to the function under security detection, and performing simulated operations on the preset application;
    when the preset application sends, to its corresponding target server, a data request generated by any simulated operation, intercepting and obtaining the data request;
    forwarding the data request to the security detection client, so that the security detection client sends the data request to the target server;
    receiving, via the security detection client, the feedback data information returned by the target server in response to the data request;
    determining, based on the returned feedback data information, whether the function under security detection is safe.
  10. The apparatus according to claim 9, wherein the operation of intercepting and obtaining the data request comprises:
    intercepting, by means of a hook function, the data request sent by the preset application to its corresponding target server, and obtaining the data request.
  11. The apparatus according to claim 9, wherein the operation of determining, based on the returned feedback data information, whether the function under security detection is safe comprises:
    determining whether the feedback data information is malicious data.
  12. The apparatus according to claim 9, wherein the operation of determining, in the security detection environment, whether the function under security detection is safe by running the preset application corresponding to the function under security detection in the security detection request further comprises:
    intercepting a preset application programming interface accessed by the preset application and obtaining intercepted data information;
    determining whether the intercepted data information is malicious data.
  13. A security detection system, comprising a security detection platform and a security detection client;
    the security detection platform being configured to: when a security detection request is detected, set up a security detection environment based on the security detection request;
    in the security detection environment, determine whether the application under security detection is safe by running a preset application corresponding to the function under security detection in the security detection request;
    send the determination result to the security detection client;
    the security detection client being configured to receive the determination result sent by the security detection platform and to inform the user of the security detection result for the function under security detection.
  14. The system according to claim 13, wherein the security detection platform comprises an operating system platform and a forwarding platform;
    the operating system platform being configured to: in the security detection environment, run the preset application corresponding to the function under security detection, and perform simulated operations on the preset application;
    when the preset application sends, to its corresponding target server, a data request generated by any simulated operation, intercept and obtain the data request, and send the data request to the forwarding platform;
    determine, based on the feedback data information returned by the forwarding platform, whether the function under security detection is safe;
    the forwarding platform being configured to: receive the data request sent by the operating system platform, and forward the data request to the security detection client, so that the security detection client sends the data request to the target server;
    receive, via the security detection client, the feedback data information returned by the target server in response to the data request, and send the feedback data information to the operating system platform.
  15. The system according to claim 14, wherein the forwarding platform comprises a VPN client and a VPN server;
    the VPN client being configured to: receive the data request sent by the operating system platform; send the data request to the VPN server; receive, via the VPN server, the feedback data information returned by the target server in response to the data request; and send the feedback data information to the operating system platform;
    the VPN server being configured to: receive the data request sent by the VPN client, and send the data request to the security detection client; receive, via the security detection client, the feedback data information returned by the target server in response to the data request; and send the feedback data information to the VPN client.
  16. The system according to claim 13, wherein the system further comprises an auxiliary platform;
    the auxiliary platform being configured to determine security detection environment configuration data based on the operating conditions of the function under security detection in the security detection request, and to set up the security detection environment according to the security detection configuration data.
  17. A security detection server, comprising a memory, a processor, and a computer program stored in the memory and running on the processor, characterized in that the processor, when executing the computer program, implements the security detection method according to any one of claims 1-6.
  18. A computer program, comprising computer-readable code which, when run by a server, causes the method according to any one of claims 1-6 to be performed.
  19. A computer-readable medium storing the computer program according to claim 18.
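
The relay flow of claims 3 to 5 (mirrored in claims 9 to 11 and 14), as an added Python simulation that is not part of the patent or the applicant's code. The hook mechanism, host names, response bodies and malicious-data markers are all constructed assumptions, and an in-memory table stands in for the network.

```python
from dataclasses import dataclass

# Constructed stand-in for the target servers: host -> response body.
TARGET_RESPONSES = {
    "pay.example.test": b'{"status": "ok"}',
    "ads.example.test": b'<script src="http://malware.example.test/x.js"></script>',
}
# Hypothetical markers standing in for the "is it malicious data" judgment.
MALICIOUS_MARKERS = (b"malware.example.test", b"eval(atob(")


@dataclass(frozen=True)
class DataRequest:
    host: str
    path: str


class PresetApp:
    """Preset application run inside the security detection environment."""

    def __init__(self, operations):
        self.operations = operations  # simulated operations: (host, path)

    def send(self, request):
        # Un-hooked network call: the sandbox has no direct route out.
        raise ConnectionError("no direct route to " + request.host)

    def simulate(self):
        return [self.send(DataRequest(h, p)) for h, p in self.operations]


class DetectionClient:
    """Security detection client: sends the relayed request to the target."""

    def relay(self, request):
        return TARGET_RESPONSES[request.host]


def install_hook(app, forward):
    """Replace app.send so every data request is captured, then forwarded."""
    intercepted = []

    def hooked_send(request):
        intercepted.append(request)
        return forward(request)

    app.send = hooked_send
    return intercepted


def detect(app, client):
    """Run the simulated operations and judge the relayed feedback data."""
    intercepted = install_hook(app, client.relay)
    feedback = app.simulate()
    findings = [(req.host, marker.decode())
                for req, body in zip(intercepted, feedback)
                for marker in MALICIOUS_MARKERS if marker in body]
    return {"safe": not findings, "intercepted": len(intercepted),
            "findings": findings}
```
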
PCT/CN2018/090863 2017-08-23 2018-06-12 Security detection method, device, system, and server WO2019037521A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710730947.1 2017-08-23
CN201710730947.1A CN107480530A (en) 2017-08-23 2017-08-23 Method, apparatus, system and the server of safety detection

Publications (1)

Publication Number Publication Date
WO2019037521A1 true WO2019037521A1 (en) 2019-02-28

Family

ID=60602173

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/090863 WO2019037521A1 (en) 2017-08-23 2018-06-12 Security detection method, device, system, and server

Country Status (2)

Country Link
CN (1) CN107480530A (en)
WO (1) WO2019037521A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107480530A (en) * 2017-08-23 2017-12-15 北京奇虎科技有限公司 Method, apparatus, system and the server of safety detection
CN108920944B (en) * 2018-06-12 2023-05-23 腾讯科技(深圳)有限公司 Method and device for detecting auxiliary click event, computer equipment and storage medium
CN112948824B (en) * 2021-03-31 2022-04-26 支付宝(杭州)信息技术有限公司 Program communication method, device and equipment based on privacy protection
CN116828474B (en) * 2023-08-30 2023-11-14 北京绿色苹果技术有限公司 WiFi implementation method, system and medium based on environmental security

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104424430A (en) * 2013-08-30 2015-03-18 中兴通讯股份有限公司 Method and device for monitoring and reminding application exceptions
CN104685505A (en) * 2012-10-19 2015-06-03 迈克菲公司 Premises aware security
CN106796642A (en) * 2016-12-22 2017-05-31 深圳前海达闼云端智能科技有限公司 Device detection method and system, electronic device, cloud robot system and computer program product
CN107480530A (en) * 2017-08-23 2017-12-15 北京奇虎科技有限公司 Method, apparatus, system and the server of safety detection

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102495988A (en) * 2011-12-19 2012-06-13 北京诺思恒信科技有限公司 Domain-based access control method and system
CN103581145B (en) * 2012-08-06 2017-02-08 联想(北京)有限公司 Electronic equipment and safety protection method applied to same
CN103294955B (en) * 2013-06-28 2016-06-08 北京奇虎科技有限公司 Macrovirus checking and killing method and system
CN103593605B (en) * 2013-10-24 2016-11-09 复旦大学 A kind of Android platform application program dynamic analysis system based on authority usage behavior

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104685505A (en) * 2012-10-19 2015-06-03 迈克菲公司 Premises aware security
CN104424430A (en) * 2013-08-30 2015-03-18 中兴通讯股份有限公司 Method and device for monitoring and reminding application exceptions
CN106796642A (en) * 2016-12-22 2017-05-31 深圳前海达闼云端智能科技有限公司 Device detection method and system, electronic device, cloud robot system and computer program product
CN107480530A (en) * 2017-08-23 2017-12-15 北京奇虎科技有限公司 Method, apparatus, system and the server of safety detection

Also Published As

Publication number Publication date
CN107480530A (en) 2017-12-15

Similar Documents

Publication Publication Date Title
US10348755B1 (en) Systems and methods for detecting network security deficiencies on endpoint devices
US10887307B1 (en) Systems and methods for identifying users
WO2015096695A1 (en) Installation control method, system and device for application program
US10284564B1 (en) Systems and methods for dynamically validating remote requests within enterprise networks
JP6196393B2 (en) System and method for optimizing scanning of pre-installed applications
US8782351B2 (en) Protecting memory of a virtual guest
JP6055574B2 (en) Context-based switching to a secure operating system environment
JP6703616B2 (en) System and method for detecting security threats
US9270467B1 (en) Systems and methods for trust propagation of signed files across devices
WO2019037521A1 (en) Security detection method, device, system, and server
WO2014121713A1 (en) Url interception processing method, device and system
WO2017008581A1 (en) Method, client, and system for testing application
US9888035B2 (en) Systems and methods for detecting man-in-the-middle attacks
US8677508B2 (en) Confidential information leakage prevention system, confidential information leakage prevention method and confidential information leakage prevention program
US10225284B1 (en) Techniques of obfuscation for enterprise data center services
JP6096376B2 (en) Access control method, apparatus, program, and recording medium
US10318272B1 (en) Systems and methods for managing application updates
US9622081B1 (en) Systems and methods for evaluating reputations of wireless networks
KR102379720B1 (en) System for controlling data flow in virtualization terminal and method of the same
US9882931B1 (en) Systems and methods for detecting potentially illegitimate wireless access points
CN110543775B (en) Data security protection method and system based on super-fusion concept
US11176276B1 (en) Systems and methods for managing endpoint security states using passive data integrity attestations
CN108229162B (en) Method for realizing integrity check of cloud platform virtual machine
WO2014178963A1 (en) Requesting and storing certificates for secure connection validation
CN113467895B (en) Docker operation method, docker operation device, server and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18848554

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 03/08/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18848554

Country of ref document: EP

Kind code of ref document: A1