WO2022252609A1 - Plug-in protection method and apparatus, and device and storage medium - Google Patents

Info

Publication number
WO2022252609A1
Authority
WO
WIPO (PCT)
Prior art keywords
plug
current
current window
information
identifier
Application number
PCT/CN2021/143643
Inventor
郑劲松
魏狄龙
曹经纬
Original Assignee
三六零科技集团有限公司
Application filed by 三六零科技集团有限公司
Publication of WO2022252609A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Definitions

  • the present invention relates to the field of computer technology, in particular to a plug-in protection method, device, equipment and storage medium.
  • the current online shopping model especially the browser online shopping model, mainly conducts a full-scale scan (global environment scan) for malicious attacks to discover risky programs that may exist in the system.
  • the program is considered to have a security risk) mode, and some malicious attack software can steal user information by loading malicious plug-ins in the browser, but because a whitelist entry has to be actively reported, there is a delay between an entry being added and being used.
  • as a result, it is impossible to prevent malicious plug-ins from stealing user information in time, which makes the user experience poor, and the delay may even cause losses to users.
  • the main purpose of the present invention is to provide a plug-in protection method, device, equipment and storage medium, aiming to solve the technical problem of delay in security protection of browsers in the prior art.
  • the plug-in protection method includes the following steps:
  • if the current process is a protected process, the loading of the plug-in in the current window is prevented.
  • before determining whether the current process running in the current window is a protected process according to the process identifier, the method further includes:
  • the loading of the plug-in is controlled according to preset rights management rules.
  • controlling the loading of the plug-in according to preset rights management rules includes:
  • the loading of the plug-in is controlled according to the target loading permission.
  • the judging whether the current process running in the current window is a protected process according to the process identifier includes:
  • the determining the corresponding security verification information according to the target authority information includes:
  • the second check value is used as security check information.
  • the judging whether the current process running in the current window is a protected process according to the check return value includes:
  • if the extracted verification return value is the first verification value, it is determined that the current process is a protected process.
  • if the extracted verification return value is the second verification value, it is determined that the current process is an unprotected process.
  • the method further includes:
  • the loading of the plug-ins in the current window includes:
  • the plug-in is loaded according to the file information.
  • the obtaining the class identifier of the plug-in in the current window includes:
  • the acquiring the file information of the plug-in according to the class identifier includes:
  • the file information of the plug-in corresponding to the class identifier is obtained from the registry through the second path.
  • after loading the plug-in in the current window, the method further includes:
  • the legality detection of the traffic data includes:
  • controlling the running plug-in according to the traffic detection result includes:
  • if the traffic data includes the user information, the file information corresponding to the plug-in is deleted from the registry, so that the plug-in stops running.
  • the method further includes:
  • the loading interception report is displayed.
  • the plug-in protection device includes:
  • An acquisition module configured to acquire the process identifier of the current process running in the current window when it is detected that a plug-in is loaded in the current window;
  • a judging module configured to judge whether the current process running in the current window is a protected process according to the process identifier
  • a control module configured to prevent the loading of plug-ins in the current window if the current process is a protected process.
  • the plug-in protection device further includes: a detection module
  • the detection module is used to detect whether the plug-in protection function is enabled in the current window
  • the judging module is further configured to judge whether the current process running in the current window is a protected process according to the process identifier if it is detected that the plug-in protection function is enabled in the current window;
  • the control module is further configured to control the loading of the plug-in according to preset rights management rules if it is detected that the plug-in protection function is not enabled in the current window.
  • the control module is further configured to load the plug-in in the current window if the current process is an unprotected process.
  • the control module is further configured to obtain the class identifier of the plug-in in the current window; obtain the file information of the plug-in according to the class identifier; and load the plug-in according to the file information.
  • the control module is further configured to obtain the class identifier of the plug-in in the current window from the registry through a first path; and obtain the file information of the plug-in corresponding to the class identifier from the registry through a second path.
  • the plug-in protection device also includes a monitoring module
  • the monitoring module is configured to obtain real-time flow data of the plug-in during operation after the plug-in is loaded; to detect the validity of the flow data; and to control the running plug-in according to the flow detection result.
  • the present invention also proposes a plug-in protection device, which includes: a memory, a processor, and a plug-in protection program stored in the memory and operable on the processor.
  • the plug-in protection program is configured to implement the steps of the plug-in protection method as described above.
  • the present invention also proposes a storage medium, on which a plug-in protection program is stored, and when the plug-in protection program is executed by a processor, the steps of the above-mentioned plug-in protection method are implemented.
  • the present invention acquires the process identifier of the current process running in the current window when detecting that there is a plug-in loaded in the current window; judges, according to the process identifier, whether the current process running in the current window is a protected process; if the current process is a protected process, the loading of the plug-in in the current window is prevented, and the protected process in the current window is protected by preventing the loading of the plug-in.
  • Browser security protection improves user experience.
  • Fig. 1 is a schematic structural diagram of a plug-in protection device for a hardware operating environment involved in the solution of an embodiment of the present invention
  • Fig. 2 is a schematic flow chart of the first embodiment of the plug-in protection method of the present invention
  • FIG. 3 is a schematic flowchart of a second embodiment of the plug-in protection method of the present invention.
  • FIG. 4 is a schematic flowchart of a third embodiment of the plug-in protection method of the present invention.
  • Fig. 5 is a structural block diagram of the first embodiment of the plug-in protection device of the present invention.
  • FIG. 1 is a schematic structural diagram of a plug-in protection device in a hardware operating environment involved in the solution of an embodiment of the present invention.
  • the plug-in protection device may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005.
  • a communication bus 1002 is used to realize connection and communication between these components.
  • the user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard), and optionally the user interface 1003 may also include a standard wired interface and a wireless interface.
  • the network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a wireless fidelity (Wireless-Fidelity, Wi-Fi) interface).
  • the memory 1005 may be a high-speed random access memory (Random Access Memory, RAM) memory, or a stable non-volatile memory (Non-Volatile Memory, NVM), such as a disk memory.
  • the memory 1005 may also be a storage device independent of the aforementioned processor 1001.
  • FIG. 1 does not constitute a limitation on the plug-in protection device, which may include more or fewer components than shown in the figure, or combine some components, or arrange the components differently.
  • the memory 1005 as a storage medium may include an operating system, a network communication module, a user interface module, and a plug-in protection program.
  • the network interface 1004 is mainly used for data communication with the network server;
  • the user interface 1003 is mainly used for data interaction with the user;
  • the processor 1001 and the memory 1005 in the plug-in protection device of the present invention can be set in the plug-in protection device; the plug-in protection device calls the plug-in protection program stored in the memory 1005 through the processor 1001, and executes the plug-in protection method provided by the embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a first embodiment of a plug-in protection method according to the present invention.
  • the plug-in protection method includes the following steps:
  • Step S10 when it is detected that a plug-in is loaded in the current window, obtain the process identifier of the current process running in the current window.
  • the execution subject of this embodiment may be a plug-in protection device
  • the plug-in protection device may be an electronic device such as a personal computer or a server, or other devices that can achieve the same or similar functions.
  • the plug-in protection device of the present invention is used as an example to illustrate the plug-in protection method of the present invention.
  • the plug-in protection device can monitor the browser in real time, obtain browser data, and perform safety detection on the browser according to the obtained data, so as to ensure the safety of users' online shopping and network usage.
  • plug-in in this embodiment refers to a browser plug-in, which is a small computer program that extends the standard functions of the browser and can supplement the functions of the browser.
  • Plug-ins include video plug-ins, picture plug-ins, payment plug-ins, etc.
  • Such plug-ins can open the corresponding videos and pictures of online shopping products for users when they shop online through the browser, but malicious plug-ins will steal the user's personal account information when the user is shopping online, and then use other illegal means to steal the user's personal property.
  • the running process is detected, because the user usually enters the user's personal account information when the payment process starts. In this embodiment, it detects whether the current process is a payment process, etc. by obtaining the process identifier of the current process running in the current window.
  • all windows opened by the user in the browser have corresponding processes.
  • the process running in the payment window is a secure payment process.
  • the rendering process starts in the browser's current window.
  • the current process running in the current window has a corresponding identifier, that is, a process identifier, and each process has a unique process identifier represented by a non-negative integer, that is, the corresponding process identifiers of each process are different.
  • the process identifier of the current process running in the current window can be read through the task manager, and the process identifier of the current process running in the current window can also be obtained through other methods, which is not limited in this embodiment.
  • Step S20 Determine whether the current process running in the current window is a protected process according to the process identifier.
  • the process identifier 1111 corresponds to the browser rendering process
  • the process identifier 2222 corresponds to the browser loading process
  • the process identifier 3333 corresponds to the browser security payment process. Assuming that the security payment process is a protected process, it can be determined from the identifier 3333 that the corresponding browser process is a protected process, and the protected process can be set accordingly according to the actual situation, which is not limited in this embodiment.
  • before step S20, the method also includes: detecting whether the plug-in protection function is enabled in the current window; if it is detected that the plug-in protection function is enabled in the current window, performing the step of judging, according to the process identifier, whether the current process running in the current window is a protected process; if it is detected that the plug-in protection function is not enabled in the current window, controlling the loading of the plug-in according to preset rights management rules.
  • the rights management rules control the loading of plug-ins in the current window.
  • the preset rights management rules can be pre-set conditions, through which it is judged whether to continue to load the plug-in or prevent the loading of the plug-in, such as loading the security payment plug-in and blocking malicious plug-ins that have information reading and recording functions.
  • the corresponding preset rights management rules can be set according to actual interception requirements, which is not limited in this embodiment.
  • the step of controlling the loading of the plug-ins according to preset rights management rules includes: detecting the plug-in type of the plug-ins; determining the target loading authority corresponding to the plug-in according to the plug-in type and preset rights management rules; and controlling the loading of the plug-in according to the target loading permission.
  • the plug-in type of the plug-in is detected in real time when the plug-in is loaded. For example, when the plug-in type is a malicious plug-in, combined with the preset management rules, it can be determined that the target loading permission of the plug-in is prohibited from loading, and when the plug-in type is a security plug-in, combined with the preset management rules, it can be determined that the target loading permission of the plug-in is allowed to load.
  • the preset authority management rules and the loading authority corresponding to the plug-in type can be set correspondingly according to the actual situation, which is not limited in this embodiment.
  • Step S30 If the current process is a protected process, prevent the loading of plug-ins in the current window.
  • after step S30, this embodiment also includes: generating a loading interception report according to the class identifier corresponding to the plug-in, the process identifier and the load-blocking operation corresponding to the plug-in; and displaying the loading interception report.
  • the current browser security protection intercepts malicious attacks encountered in the browser through black and white lists. Users only know that malicious attacks in the blacklist have been blocked, but they do not know the specific details of the interception.
  • even if there is a wrong interception, the user cannot know, which leaves the user unable to perform follow-up operations and without understanding why the follow-up operations cannot be performed, which reduces the user experience.
  • the interception situation and the user’s follow-up operation are convenient.
  • the loading interception report can be generated according to the class identifier, process identifier and corresponding blocking operation of the plug-in, such as (1FD4978, 10111, blocking), (B4F3A835, 10222, blocking), and the loading interception report is then saved, which makes it convenient for developers to analyze why false positives occur, so as to optimize the process.
  • displaying the interception report can facilitate the user to know why the operation cannot continue and why the operation is prohibited. In the case of false positives, it can facilitate the user to understand why the follow-up operation cannot be performed and improve user experience.
  • the process identifier of the current process running in the current window is obtained; according to the process identifier, it is judged whether the current process running in the current window is a protected process; if the current process is a protected process, the loading of the plug-in in the current window is prevented, and the protected process in the current window is protected by preventing the loading of the plug-in, without the use of a preset black and white list, which can protect browser security in a timely manner and improve user experience.
  • FIG. 3 is a schematic flowchart of a second embodiment of a plug-in protection method according to the present invention.
  • step S20 in the plug-in protection method of this embodiment includes:
  • Step S201 Query the target authority information corresponding to the process identifier in the preset process list, and determine the corresponding security check information according to the target authority information.
  • the preset process list is preset, and the processes recorded in the preset process list are processes that need to be protected. The target authority information can be determined according to the query result of the process identifier of the current process in the preset process list; the target authority information contains information such as permission or prohibition, and the security check information corresponding to different target authority information is different.
  • the security check information corresponding to the target authority information containing permission information is A
  • the security check information corresponding to the target authority information containing prohibition information is B.
  • Step S202 Extract a verification return value from the security verification information.
  • Step S203 Determine whether the current process running in the current window is a protected process according to the verification return value.
  • the verification return value can be extracted from the safety verification information in this embodiment, and the verification return value X or Y can be extracted from the safety verification information. Then according to the return value, it can be determined whether the current process running in the current window is a protected process, for example, the current process corresponding to the verification return value X is a protected process, and the current process corresponding to the verification return value Y is an unprotected process.
  • the step of determining the corresponding security verification information according to the target authority information includes: if the target authority information is protected information, a first check value is used as security check information; if the target authority information is unprotected information, a second check value is used as security check information.
  • the target permission information is protected information or non-protected information. If the process identifier of the current process is found in the preset process list, then the target permission information is protected information, and if the process identifier of the current process is not found in the preset process list, the target permission information is non-protected information.
  • the first check value can be set to 1, and the second check value can be set to 0.
  • the first check value and the second check value are security check information.
  • the first check value and the second check value can be set correspondingly according to the actual situation, which is not limited in this embodiment.
  • the step S206 includes: if the extracted verification return value is the first verification value, then it is determined that the current process is a protected process; if the extracted verification return value is the second verification value, it is determined that the current process is an unprotected process.
  • if the verification return value is the first verification value, it means that the current process corresponding to the process identifier is a process that needs to be protected, that is, the protected process. If the verification return value is the second verification value, it indicates that the current process corresponding to the process identifier is a process that does not need to be protected, that is, a non-protected process.
  • processes such as the security payment process are set as processes that need to be protected, and processes such as the rendering process or the loading process are set as processes that do not need to be protected.
  • the protected process and the non-protected process can also be set correspondingly according to the actual protection requirements, which is not limited in this embodiment.
  • the corresponding security check information is determined according to the target authority information; the check return value is extracted from the security check information; and whether the current process running in the current window is a protected process is determined according to the verification return value.
  • detecting whether the current process in the current window is a protected process through the verification return value extracted from the security verification information corresponding to the preset authority management rule can detect the current process more accurately, improving the accuracy of browser security protection, and at the same time ensuring that even if the plug-in function is not enabled, the user's rights can be guaranteed based on basic settings such as preset permission management rules.
  • Network security improves user experience
  • FIG. 4 is a schematic flowchart of a third embodiment of a plug-in protection method according to the present invention.
  • after step S20 described in this embodiment, the method also includes:
  • Step S30' If the current process is an unprotected process, load the plug-in in the current window.
  • if the current process is an unprotected process, it means that the user will not actively input private information related to the user's personal account in the current process, and the risk of the user's private information being stolen is low, so the plug-in in the current window can continue to be loaded.
  • the step S30' in this embodiment includes: obtaining the class identifier of the plug-in in the current window; obtaining the file information of the plug-in according to the class identifier; and loading the plug-in according to the file information.
  • the class identifier of the plug-in is obtained.
  • the class identifier is equivalent to the ID card of the plug-in in the registry, and the class identifier of each plug-in is different.
  • the class identifier is unique, and the file information of the plug-in can be found according to the class identifier. For example, the file information corresponding to the rendering process can be obtained according to the class identifier 1FD4978, and the file information of the secure payment process can be obtained according to the class identifier B4F3A835.
  • the class identifier and the file information corresponding to the plug-in are obtained from the registry, and the class identifier and the plug-in are stored in the registry through different paths.
  • the class identifier corresponding to the plug-in can be obtained from the registry through the first path.
  • the first path can be HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects.
  • the class identifier can also be passed through the second path
  • the second path can be HKEY_CLASSES_ROOT\CLSID\xxx-xxxxxxx-xxxx-xxxxxx\InprocServer32.
  • after step S30', the method also includes:
  • Step S40 After the plug-in is loaded, obtain the traffic data of the plug-in in real time during operation.
  • the malicious plug-in will generate corresponding traffic data in the process of obtaining the user's personal privacy information, and the size of the traffic data determines the amount of information obtained by the malicious plug-in: the larger the traffic data, the larger the amount.
  • Step S50 Check the validity of the traffic data.
  • the legality of the traffic data will be checked. In this embodiment, it is determined whether the traffic data is legal by checking whether the traffic data contains user information. If the traffic data does not contain user information, the traffic data is legal data, and if the traffic data contains user information, the traffic data is illegal data. Further, the user information includes a corresponding user information identifier, and based on the user information identifier, it can be detected whether the traffic data includes the user information.
  • Step S60 Control the running plug-in according to the traffic detection result.
  • the running plug-in is controlled according to the traffic result.
  • the control of the plug-in includes continuing to run the plug-in or immediately stopping the running of the plug-in. If the traffic data is illegal data, the operation of the plug-in will be stopped immediately.
  • the running of the plug-in is stopped by deleting the file information corresponding to the plug-in from the registry.
  • the deleted file information is obtained through the above-mentioned second path based on the class identifier. Therefore, in this embodiment the file information can be deleted from the registry through the second path. The running plug-in can also be stopped in other ways, and corresponding settings can be made according to the actual situation, which is not limited in this embodiment.
  • the file information of the plug-in is obtained according to the class identifier, and the plug-in in the current window is loaded according to the file information, so that the current process is
  • the process can quickly and accurately load the plug-in in the current window, and at the same time, after the plug-in in the current window is loaded, it can also monitor the traffic data of the plug-in in real time during the running process, so as to prevent malware from stealing the user's personal privacy information without the user noticing, ensuring the user's network security and improving the user experience.
  • an embodiment of the present invention also provides a storage medium, on which a plug-in protection program is stored, and when the plug-in protection program is executed by a processor, the steps of the above-mentioned plug-in protection method are implemented.
  • FIG. 5 is a structural block diagram of the first embodiment of the plug-in protection device of the present invention.
  • the plug-in protection device proposed by the embodiment of the present invention includes:
  • the obtaining module 10 is configured to obtain the process identifier of the current process running in the current window when it is detected that a plug-in is loaded in the current window.
  • a judging module 20 configured to judge whether the current process running in the current window is a protected process according to the process identifier.
  • the control module 30 is configured to prevent the loading of plug-ins in the current window if the current process is a protected process.
  • the process identifier of the current process running in the current window is obtained; according to the process identifier, it is judged whether the current process running in the current window is a protected process; if the current process is a protected process, the loading of the plug-in in the current window is prevented, and the protected process in the current window is protected by preventing the loading of the plug-in, without the use of a preset black and white list, which can protect browser security in a timely manner and improve user experience.
  • the plug-in protection device further includes a detection module
  • the detection module is used to detect whether the plug-in protection function is enabled in the current window
  • the judging module 20 is also used to judge whether the current process running in the current window is a protected process according to the process identifier if it is detected that the plug-in protection function is enabled in the current window;
  • the control module 30 is further configured to control the loading of the plug-in according to preset authority management rules if it is detected that the plug-in protection function is not enabled in the current window.
  • the control module 30 is further configured to detect the plug-in type of the plug-in; determine the target loading permission corresponding to the plug-in according to the plug-in type and preset permission management rules; and control the loading of the plug-in according to the target loading permission.
  • the judging module 20 is further configured to query the target authority information corresponding to the process identifier in the preset process list, and determine the corresponding security check information according to the target authority information; extract a verification return value from the security verification information; and judge whether the current process running in the current window is a protected process according to the verification return value.
  • the judging module 20 is further configured to use the first verification value as security verification information if the target authority information is protected information; if the target authority information is unprotected information, the second check value is used as the security check information.
  • the judging module 20 is further configured to determine that the current process is a protected process if the extracted verification return value is the first verification value; if the extracted verification return value is the second check value, it is determined that the current process is an unprotected process.
  • control module 30 is further configured to load the plug-in in the current window if the current process is an unprotected process.
  • control module 30 is further configured to obtain the class identifier of the plug-in in the current window; obtain the file information of the plug-in according to the class identifier; The above plugin is loaded.
  • control module 30 is further configured to obtain the class identifier of the plug-in in the current window from the registry through a first path; obtain the class identifier of the plug-in in the current window through a second path The file information of the plug-in corresponding to the class identifier.
  • control module 30 is further configured to acquire the flow data of the plug-in in real time after the plug-in is loaded; to check the validity of the flow data; Take control of running plugins.
  • the detection module is further configured to detect whether user information is included in the traffic data
  • the control module 30 is further configured to, if the traffic data includes the user information, delete the file information corresponding to the plug-in from the registry, so that the plug-in stops running.
  • the plug-in protection device further includes a generating module
  • the generating module is configured to generate a loading interception report according to the class identifier corresponding to the plug-in, the process identifier, and the loading blocking operation corresponding to the plug-in; and display the loading interception report.

Abstract

A plug-in protection method and apparatus, and a device and a storage medium, belonging to the technical field of computers. The method comprises: when it is detected that a plug-in is loaded in the current window, acquiring a process identifier of the current process that is run in the current window (S10); determining, according to the process identifier, whether the current process that is run in the current window is a protected process (S20); and if the current process is a protected process, preventing the loading of the plug-in in the current window (S30). The loading of a plug-in is prevented to protect a protected process in the current window, such that a browser can be subjected to security protection in a timely manner, without the need to use preset black and white lists, thereby improving the user experience.

Description

Plug-in protection method, apparatus, device and storage medium
Technical field
The present invention relates to the field of computer technology, and in particular to a plug-in protection method, apparatus, device and storage medium.
Background
Current online shopping modes, especially browser-based online shopping, deal with malicious attacks mainly by running a full scan (a global environment scan) to find risky programs that may exist in the system. The scan follows a "not white means black" model, in which any program in the system that has not been judged to be safe is deemed a security risk. Some malicious software can steal user information by loading a malicious plug-in in the browser. However, because whitelist entries have to be actively reported, adding to and using the whitelist is subject to delay, so the theft of user information by malicious plug-ins cannot be stopped in time. This makes for a poor user experience, and because of the delay, an entry that is not added in time may even cause losses to the user.
The above content is only intended to assist in understanding the technical solution of the present invention, and does not constitute an admission that it is prior art.
Summary of the invention
The main purpose of the present invention is to provide a plug-in protection method, apparatus, device and storage medium, aiming to solve the technical problem that browser security protection in the prior art is subject to delay.
To achieve the above object, the present invention provides a plug-in protection method comprising the following steps:
when it is detected that a plug-in is being loaded in the current window, obtaining the process identifier of the current process running in the current window;
judging, according to the process identifier, whether the current process running in the current window is a protected process;
if the current process is a protected process, preventing the loading of the plug-in in the current window.
Optionally, before the judging, according to the process identifier, whether the current process running in the current window is a protected process, the method further includes:
detecting whether the plug-in protection function is enabled in the current window;
if it is detected that the plug-in protection function is enabled in the current window, performing the step of judging, according to the process identifier, whether the current process running in the current window is a protected process;
if it is detected that the plug-in protection function is not enabled in the current window, controlling the loading of the plug-in according to preset permission management rules.
Optionally, the controlling the loading of the plug-in according to preset permission management rules includes:
detecting the plug-in type of the plug-in;
determining the target loading permission corresponding to the plug-in according to the plug-in type and the preset permission management rules;
controlling the loading of the plug-in according to the target loading permission.
Optionally, the judging, according to the process identifier, whether the current process running in the current window is a protected process includes:
querying, in a preset process list, the target permission information corresponding to the process identifier, and determining the corresponding security check information according to the target permission information;
extracting a check return value from the security check information;
judging, according to the check return value, whether the current process running in the current window is a protected process.
Optionally, the determining the corresponding security check information according to the target permission information includes:
if the target permission information is protected information, using a first check value as the security check information;
if the target permission information is unprotected information, using a second check value as the security check information.
Optionally, the judging, according to the check return value, whether the current process running in the current window is a protected process includes:
if the extracted check return value is the first check value, determining that the current process is a protected process;
if the extracted check return value is the second check value, determining that the current process is an unprotected process.
Optionally, after the judging, according to the process identifier, whether the current process running in the current window is a protected process, the method further includes:
if the current process is an unprotected process, loading the plug-in in the current window.
Optionally, the loading the plug-in in the current window includes:
obtaining the class identifier of the plug-in in the current window;
obtaining the file information of the plug-in according to the class identifier;
loading the plug-in according to the file information.
Optionally, the obtaining the class identifier of the plug-in in the current window includes:
obtaining the class identifier of the plug-in in the current window from the registry through a first path;
correspondingly, the obtaining the file information of the plug-in according to the class identifier includes:
obtaining, from the registry through a second path, the file information of the plug-in corresponding to the class identifier.
Optionally, after the loading the plug-in in the current window if the current process is an unprotected process, the method further includes:
after the plug-in has finished loading, obtaining in real time the traffic data of the plug-in during operation;
performing legitimacy detection on the traffic data;
controlling the running plug-in according to the traffic detection result.
Optionally, the performing legitimacy detection on the traffic data includes:
detecting whether the traffic data includes user information;
correspondingly, the controlling the running plug-in according to the traffic detection result includes:
if the traffic data includes the user information, deleting the file information corresponding to the plug-in from the registry, so that the plug-in stops running.
Optionally, after the preventing the loading of the plug-in in the current window if the current process is a protected process, the method further includes:
generating a loading interception report according to the class identifier corresponding to the plug-in, the process identifier, and the load-blocking operation corresponding to the plug-in;
displaying the loading interception report.
In addition, to achieve the above object, the present invention also proposes a plug-in protection apparatus, which includes:
an acquisition module, configured to obtain the process identifier of the current process running in the current window when it is detected that a plug-in is being loaded in the current window;
a judging module, configured to judge, according to the process identifier, whether the current process running in the current window is a protected process;
a control module, configured to prevent the loading of the plug-in in the current window if the current process is a protected process.
Optionally, the plug-in protection apparatus further includes a detection module;
the detection module is configured to detect whether the plug-in protection function is enabled in the current window;
the judging module is further configured to judge, according to the process identifier, whether the current process running in the current window is a protected process if it is detected that the plug-in protection function is enabled in the current window;
the control module is further configured to control the loading of the plug-in according to preset permission management rules if it is detected that the plug-in protection function is not enabled in the current window.
Optionally, the control module is further configured to load the plug-in in the current window if the current process is an unprotected process.
Optionally, the control module is further configured to obtain the class identifier of the plug-in in the current window; obtain the file information of the plug-in according to the class identifier; and load the plug-in according to the file information.
Optionally, the control module is further configured to obtain the class identifier of the plug-in in the current window from the registry through a first path; and obtain, from the registry through a second path, the file information of the plug-in corresponding to the class identifier.
Optionally, the plug-in protection apparatus further includes a monitoring module;
the monitoring module is configured to obtain, in real time, the traffic data of the plug-in during operation after the plug-in has finished loading; perform legitimacy detection on the traffic data; and control the running plug-in according to the traffic detection result.
In addition, to achieve the above object, the present invention also proposes a plug-in protection device, which includes a memory, a processor, and a plug-in protection program stored in the memory and executable on the processor, the plug-in protection program being configured to implement the steps of the plug-in protection method described above.
In addition, to achieve the above object, the present invention also proposes a storage medium on which a plug-in protection program is stored; when the plug-in protection program is executed by a processor, the steps of the plug-in protection method described above are implemented.
In the present invention, when it is detected that a plug-in is being loaded in the current window, the process identifier of the current process running in the current window is obtained; whether that process is a protected process is judged according to the process identifier; and if the current process is a protected process, the loading of the plug-in in the current window is prevented. Preventing the plug-in from loading protects the protected process in the current window without relying on preset blacklists and whitelists, so the browser can be protected in time, which improves the user experience.
Description of drawings
FIG. 1 is a schematic structural diagram of a plug-in protection device in the hardware operating environment involved in the solutions of the embodiments of the present invention;
FIG. 2 is a schematic flowchart of a first embodiment of the plug-in protection method of the present invention;
FIG. 3 is a schematic flowchart of a second embodiment of the plug-in protection method of the present invention;
FIG. 4 is a schematic flowchart of a third embodiment of the plug-in protection method of the present invention;
FIG. 5 is a structural block diagram of a first embodiment of the plug-in protection apparatus of the present invention.
The realization of the purpose, the functional characteristics and the advantages of the present invention will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
Detailed description
It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit it.
Referring to FIG. 1, FIG. 1 is a schematic structural diagram of a plug-in protection device in the hardware operating environment involved in the solutions of the embodiments of the present invention.
As shown in FIG. 1, the plug-in protection device may include a processor 1001, such as a central processing unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to realize connection and communication between these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard); optionally, the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wireless Fidelity (Wi-Fi) interface). The memory 1005 may be a high-speed random access memory (RAM), or a stable non-volatile memory (NVM), such as a disk memory. Optionally, the memory 1005 may also be a storage device independent of the aforementioned processor 1001.
Those skilled in the art can understand that the structure shown in FIG. 1 does not constitute a limitation on the plug-in protection device, which may include more or fewer components than shown, combine certain components, or use a different arrangement of components.
As shown in FIG. 1, the memory 1005, as a storage medium, may include an operating system, a network communication module, a user interface module, and a plug-in protection program.
In the plug-in protection device shown in FIG. 1, the network interface 1004 is mainly used for data communication with a network server, and the user interface 1003 is mainly used for data interaction with the user. The processor 1001 and the memory 1005 may be arranged in the plug-in protection device, which calls the plug-in protection program stored in the memory 1005 through the processor 1001 and executes the plug-in protection method provided by the embodiments of the present invention.
An embodiment of the present invention provides a plug-in protection method. Referring to FIG. 2, FIG. 2 is a schematic flowchart of a first embodiment of the plug-in protection method of the present invention.
In this embodiment, the plug-in protection method includes the following steps:
Step S10: when it is detected that a plug-in is being loaded in the current window, obtain the process identifier of the current process running in the current window.
It should be noted that the execution subject of this embodiment may be a plug-in protection device. The plug-in protection device may be an electronic device such as a personal computer or a server, or any other device that can achieve the same or similar functions, which is not limited in this embodiment. In this embodiment and the following embodiments, the plug-in protection method of the present invention is described using the plug-in protection device as an example. In this embodiment, the plug-in protection device can monitor the browser in real time, obtain browser data, and perform security detection on the browser according to the obtained data, so as to keep the user's online shopping and network use secure.
It should be noted that the plug-in in this embodiment refers to a browser plug-in, a small computer program that extends the standard functions of the browser and supplements what the browser can do. Plug-ins include video plug-ins, picture plug-ins, payment plug-ins and the like, which can open the videos and pictures corresponding to online shopping products when the user shops online through the browser. A malicious plug-in, however, steals the user's personal account information while the user is shopping online, after which other illegal means are used to steal the user's personal property.
In a specific implementation, when it is detected that a plug-in is being loaded in the current window, it is not certain whether the plug-in being loaded is a safe plug-in that comes with the browser or a malicious third-party plug-in. To keep the user's Internet use secure, the process running in the current window needs to be checked, because the user usually enters personal account information when a payment process starts. In this embodiment, the process identifier of the current process running in the current window is obtained in order to detect whether the current process is a payment process or the like.
It should be noted that every window the user opens in the browser has a corresponding process. For example, when the user opens a payment window, the process running in the payment window is a secure payment process; when the user views pictures or videos in the browser, a rendering process is started in the browser's current window. Further, the current process running in the current window has a corresponding identifier, namely a process identifier. Each process has a unique process identifier represented by a non-negative integer, so the process identifiers of different processes are all different. In this embodiment, the process identifier of the current process running in the current window can be read through the task manager, or obtained in other ways, which is not limited in this embodiment.
Step S20: judge, according to the process identifier, whether the current process running in the current window is a protected process.
In a specific implementation, after the process identifier of the current process running in the current window is obtained, whether the process corresponding to that process identifier is a protected process is judged based on the correspondence between process identifiers and processes. For example, process identifier 1111 corresponds to the browser rendering process, process identifier 2222 corresponds to the browser loading process, and process identifier 3333 corresponds to the browser secure payment process. Assuming the secure payment process is a protected process, it can be determined that the browser process corresponding to identifier 3333 is a protected process. Which processes are protected can be set according to the actual situation, which is not limited in this embodiment.
Further, before the current process is judged, it is necessary to detect whether the plug-in protection function is enabled in the current window, to avoid failing to protect the user's payment security in time because the plug-in protection function is not enabled. In this embodiment, before step S20, the method further includes: detecting whether the plug-in protection function is enabled in the current window; if it is detected that the plug-in protection function is enabled in the current window, performing the step of judging, according to the process identifier, whether the current process running in the current window is a protected process; if it is detected that the plug-in protection function is not enabled in the current window, controlling the loading of the plug-in according to preset permission management rules.
It is easy to understand that if the plug-in protection function is detected to be enabled in the current window, whether the current process running in the current window is a protected process can be detected according to the process identifier, thereby realizing security protection.
In a specific implementation, if it is detected that the plug-in protection function is not enabled in the current window, security protection can no longer be carried out according to the process identifier. To keep the user's network use secure nonetheless, this embodiment can control the loading of the plug-in in the current window according to preset permission management rules. The preset permission management rules may be conditions set in advance, by which it is judged whether to continue loading the plug-in or to prevent it from loading, for example loading a secure payment plug-in and blocking malicious plug-ins that have information reading and recording functions. The preset permission management rules can be set according to actual interception requirements, which is not limited in this embodiment.
Further, in order to control the plug-in loaded in the current window in a more timely and reasonable manner, the step of controlling the loading of the plug-in according to preset permission management rules in this embodiment includes: detecting the plug-in type of the plug-in; determining the target loading permission corresponding to the plug-in according to the plug-in type and the preset permission management rules; and controlling the loading of the plug-in according to the target loading permission.
It should be noted that in this embodiment the plug-in type is detected in real time when the plug-in is loaded. Plug-in types include malicious plug-ins, safe plug-ins and the like, and the target loading permission of the plug-in can be determined from the plug-in type in combination with the preset permission management rules. For example, when the plug-in type is a malicious plug-in, the preset management rules give a target loading permission of "loading prohibited"; when the plug-in type is a safe plug-in, the preset management rules give a target loading permission of "loading allowed". The preset permission management rules and the loading permission corresponding to each plug-in type can be set according to the actual situation, which is not limited in this embodiment.
Step S30: if the current process is a protected process, prevent the loading of the plug-in in the current window.
It can be understood that when a user pays for online shopping in a browser, the secure payment process requires the corresponding payment information, such as an Alipay account and password or a bank card online banking account and password, and some malicious plug-ins steal the payment information entered by the user without the user's knowledge. To prevent malicious plug-ins from stealing the payment information entered by the user, the loading of such plug-ins is blocked. In this embodiment, the loading of the plug-in in the current window can be prevented by closing the current window, by deleting the file information the plug-in requires, or by similar means, which is not limited in this embodiment and can be set according to the actual situation.
It is easy to understand that not every process running in a window needs to be protected. For example, when the user is only browsing products in an open online shopping window, no account information or other information related to the user's security and privacy is involved. Processes of this kind, which do not need protection, are not protected processes. In this embodiment, a plug-in loaded while an unprotected process is running is not blocked, and its loading continues until it is complete.
Further, in order to display the interception result and improve the user experience, this embodiment further includes, after step S30: generating a loading interception report according to the class identifier corresponding to the plug-in, the process identifier, and the load-blocking operation corresponding to the plug-in; and displaying the loading interception report.
It should be noted that current browser security protection intercepts malicious attacks on the browser by means of blacklists and whitelists. The user only knows that a malicious attack on the blacklist was intercepted, not the details of the interception, and cannot tell even when something has been intercepted by mistake. As a result the user cannot carry out subsequent operations and does not understand why, which degrades the user experience. In this embodiment, so that the user can understand the interception more clearly and carry out subsequent operations more easily, a corresponding loading interception report is generated after the loading of a plug-in is blocked. The report can be generated according to the class identifier corresponding to the plug-in, the process identifier, and the load-blocking operation corresponding to the plug-in, for example (1FD4978, 10111, block), (B4F3A835, 10222, block). The loading interception report is then saved, so that developers can analyze why a false positive occurred and optimize the process accordingly.
It can be understood that displaying the interception report lets the user know why an operation could not continue and why it was prohibited; in the case of a false positive, it lets the user understand why subsequent operations cannot be performed, which improves the user experience.
In this embodiment, when it is detected that a plug-in is being loaded in the current window, the process identifier of the current process running in the current window is obtained; whether that process is a protected process is judged according to the process identifier; and if the current process is a protected process, the loading of the plug-in in the current window is prevented. Preventing the plug-in from loading protects the protected process in the current window without relying on preset blacklists and whitelists, so the browser can be protected in time, which improves the user experience.
Referring to FIG. 3, FIG. 3 is a schematic flowchart of a second embodiment of a plug-in protection method according to the present invention.
Based on the first embodiment above, step S20 in the plug-in protection method of this embodiment includes:
Step S201: Query the preset process list for the target permission information corresponding to the process identifier, and determine the corresponding security check information according to the target permission information.
In a specific implementation, the preset process list is set in advance, and the processes recorded in it are the processes that need to be protected. The target permission information can be determined from the result of querying the preset process list for the process identifier of the current process. The target permission information contains information such as allow or prohibit, and different target permission information corresponds to different security check information. For example, target permission information containing allow information corresponds to security check information A, and target permission information containing prohibit information corresponds to security check information B.
Step S202: Extract a check return value from the security check information.
Step S203: Determine, according to the check return value, whether the current process running in the current window is a protected process.
In a specific implementation, after the security check information is obtained, the check return value, X or Y, can be extracted from it. The return value then determines whether the current process running in the current window is a protected process: for example, check return value X means the current process is a protected process, and check return value Y means the current process is a non-protected process.
Further, in order to obtain the security check information more accurately in this embodiment, the step of determining the corresponding security check information according to the target permission information includes: if the target permission information is protected information, using a first check value as the security check information; if the target permission information is non-protected information, using a second check value as the security check information.
It should be noted that the result of querying the preset process list for the process identifier determines whether the target permission information is protected information or non-protected information. If the process identifier of the current process is found in the preset process list, the target permission information is protected information; if it is not found, the target permission information is non-protected information. In this embodiment, the first check value can be set to 1 and the second check value can be set to 0. The first check value and the second check value are the security check information; they can be set according to the actual situation, which is not limited in this embodiment.
Further, in order to accurately determine in this embodiment whether the current process is a secure payment process, step S206 includes: if the extracted check return value is the first check value, determining that the current process is a protected process; if the extracted check return value is the second check value, determining that the current process is a non-protected process.
It can be understood that if the check return value is the first check value, the current process corresponding to the process identifier is a process that needs to be protected, that is, a protected process; if the check return value is the second check value, the current process corresponding to the process identifier is a process that does not need to be protected, that is, a non-protected process. In this embodiment, processes such as the secure payment process are set as processes that need to be protected, and processes such as the rendering process or the loading process are set as processes that do not need to be protected. Protected and non-protected processes can of course also be set according to actual protection requirements, which is not limited in this embodiment.
In this embodiment, the preset process list is queried for the target permission information corresponding to the process identifier, and the corresponding security check information is determined according to the target permission information; a check return value is extracted from the security check information; and whether the current process running in the current window is a protected process is determined according to the check return value. Using the check return value extracted from the security check information corresponding to the preset permission management rules to detect whether the current process in the current window is a protected process allows the current process to be detected more accurately, which improves the accuracy of browser security protection. It also ensures that, even if the plug-in protection function is not enabled, the user's network security can be guaranteed based on basic settings such as the preset permission management rules, improving user experience.
Referring to FIG. 4, FIG. 4 is a schematic flowchart of a third embodiment of a plug-in protection method according to the present invention.
Based on the first embodiment or the second embodiment above, a third embodiment of a plug-in protection method of the present invention is proposed.
Taking the first embodiment as the basis for illustration, after step S20 this embodiment further includes:
Step S30': If the current process is a non-protected process, load the plug-in in the current window.
It can be understood that if the current process is a non-protected process, the user will not actively enter private information such as personal account details in the current process, and the risk of the user's private information being stolen is low, so the plug-in in the current window can continue to be loaded.
Further, in order to load the plug-in in the current window more quickly and accurately, step S30' in this embodiment includes: obtaining the class identifier of the plug-in in the current window; obtaining the file information of the plug-in according to the class identifier; and loading the plug-in according to the file information.
It should be noted that when the plug-in is loaded, its class identifier is obtained. The class identifier is the equivalent of the plug-in's identity card in the registry; every plug-in has a different class identifier, so the class identifier is unique. The file information of the plug-in can be looked up by its class identifier: for example, the file information corresponding to the rendering process can be obtained from class identifier 1FD4978, and the file information of the secure payment process can be obtained from class identifier B4F3A835. In addition, in this embodiment both the class identifier and the file information corresponding to the plug-in are obtained from the registry, where they are stored under different paths. The class identifier corresponding to the plug-in can be obtained from the registry through a first path, which can be HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects. The file information corresponding to the plug-in can then be obtained, according to the class identifier, through a second path, which can be HKEY_CLASSES_ROOT\CLSID\{xxx-xxxxxxx-xxxx-xxxxxx}\InprocServer32. Furthermore, a plug-in is essentially a program, and starting and loading a program requires the corresponding file information. The file information holds plug-in parameters such as the plug-in type and configuration data, and the plug-in can be loaded based on these parameters.
Further, although the user will not actively enter personal private information in a non-protected process, some malicious plug-ins can still obtain the user's personal private information without the user's knowledge. To better protect the user's online shopping and network security, this embodiment further includes, after step S30':
Step S40: After the plug-in has finished loading, obtain the traffic data of the plug-in in real time while it runs.
It should be noted that a malicious plug-in generates corresponding traffic data while obtaining the user's personal private information, and the size of the traffic data determines how much information the malicious plug-in obtains: the more traffic data generated, the more information obtained.
Step S50: Perform a legality check on the traffic data.
In a specific implementation, after the traffic data is obtained, a legality check is performed on it. In this embodiment, whether the traffic data is legal is determined by detecting whether it contains user information: if the traffic data does not contain user information, it is legal data; if the traffic data contains user information, it is illegal data. Further, the user information contains a corresponding user information identifier, and whether the traffic data contains user information can be detected based on that identifier.
Step S60: Control the running plug-in according to the traffic detection result.
In a specific implementation, after the traffic detection result is obtained, the running plug-in is controlled according to that result. Controlling the plug-in means either letting it continue to run or stopping it immediately: if the traffic data is legal data, the plug-in continues to run; if the traffic data is illegal data, the plug-in is stopped immediately. Specifically, in this embodiment the plug-in is stopped by deleting the file information corresponding to the plug-in from the registry. The deleted file information is the information obtained through the second path based on the class identifier, so it can be deleted from the registry through the second path. The running plug-in can of course also be stopped in other ways, set according to the actual situation, which is not limited in this embodiment.
In this embodiment, the class identifier of the plug-in in the current window is obtained, the file information of the plug-in is obtained according to the class identifier, and the plug-in in the current window is loaded according to the file information, so that when the current process is a non-protected process the plug-in in the current window can be loaded quickly and accurately. After the plug-in in the current window has finished loading, its traffic data can also be monitored in real time while it runs, which prevents malicious software from stealing the user's personal private information without the user's knowledge, ensures the user's network security, and improves user experience.
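The three method embodiments above, combined into one small Python model (an added example, not code from the patent or the applicant). The registry is simulated by a dictionary keyed by the two paths quoted in the text; the PIDs, DLL paths, user information markers and the "not_loaded" outcome for a missing registry entry are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Registry paths as quoted in the text. The registry is simulated by a dict.
BHO_PATH = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
            r"\CurrentVersion\Explorer\BrowserHelperObjects")       # first path
CLSID_PATH = r"HKEY_CLASSES_ROOT\CLSID\{%s}\InprocServer32"         # second path

FIRST_CHECK_VALUE = 1    # process identifier found in the preset process list
SECOND_CHECK_VALUE = 0   # process identifier not found


@dataclass
class PluginGuard:
    protected_pids: set            # preset process list
    registry: dict                 # simulated registry: path -> value
    user_info_markers: tuple       # user information identifiers (bytes)
    reports: list = field(default_factory=list)   # loading interception reports
    loaded: dict = field(default_factory=dict)    # clsid -> file information

    def check_value(self, pid):
        """S201/S202: map the list lookup to the first or second check value."""
        if pid in self.protected_pids:
            return FIRST_CHECK_VALUE
        return SECOND_CHECK_VALUE

    def is_protected(self, pid):
        """S203: the first check value means 'protected process'."""
        return self.check_value(pid) == FIRST_CHECK_VALUE

    def file_info(self, clsid):
        """Resolve a class identifier to file information via the second path."""
        return self.registry.get(CLSID_PATH % clsid)

    def on_plugin_load(self, pid, clsid):
        """S20/S30/S30': decide what happens to a plug-in load in a window."""
        if self.is_protected(pid):
            # S30: block the load and record (class id, process id, operation).
            self.reports.append((clsid, pid, "block"))
            return "block"
        # S30': the plug-in must be listed under the first path and resolve
        # to file information under the second path before it can be loaded.
        registered = clsid in self.registry.get(BHO_PATH, set())
        info = self.file_info(clsid) if registered else None
        if info is None:
            return "not_loaded"    # assumption: nothing to load without file info
        self.loaded[clsid] = info
        return "load"

    def on_traffic(self, clsid, payload):
        """S40-S60: traffic that carries a user information marker is illegal."""
        if any(marker in payload for marker in self.user_info_markers):
            # S60: delete the file information through the second path.
            self.registry.pop(CLSID_PATH % clsid, None)
            self.loaded.pop(clsid, None)
            return "stop"
        return "continue"


def build_demo_guard():
    """Constructed sample data; class identifiers are the ones used in the text."""
    registry = {
        BHO_PATH: {"1FD4978", "B4F3A835"},
        CLSID_PATH % "1FD4978": r"C:\constructed\render_helper.dll",
        CLSID_PATH % "B4F3A835": r"C:\constructed\pay_helper.dll",
    }
    return PluginGuard(
        protected_pids={10111, 10222},
        registry=registry,
        user_info_markers=(b"account=", b"card_no="),
    )


if __name__ == "__main__":
    guard = build_demo_guard()
    print(guard.on_plugin_load(10111, "1FD4978"))      # protected window
    print(guard.on_plugin_load(20333, "1FD4978"))      # non-protected window
    print(guard.on_traffic("1FD4978", b"POST /c?account=alice"))
    print(guard.reports)
```

Process identifiers are reused by the operating system, so a preset list keyed on them has to be refreshed when a protected process exits. The model only removes the registry entry on illegal traffic; it does not model unloading code that is already running.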
In addition, an embodiment of the present invention also provides a storage medium on which a plug-in protection program is stored; when the plug-in protection program is executed by a processor, the steps of the plug-in protection method described above are implemented.
Referring to FIG. 5, FIG. 5 is a structural block diagram of the first embodiment of the plug-in protection device of the present invention.
As shown in FIG. 5, the plug-in protection device proposed by the embodiment of the present invention includes:
An obtaining module 10, configured to obtain the process identifier of the current process running in the current window when it is detected that a plug-in is being loaded in the current window.
A judging module 20, configured to determine, according to the process identifier, whether the current process running in the current window is a protected process.
A control module 30, configured to block loading of the plug-in in the current window if the current process is a protected process.
In this embodiment, when it is detected that a plug-in is being loaded in the current window, the process identifier of the current process running in the current window is obtained; whether the current process running in the current window is a protected process is determined according to the process identifier; and if the current process is a protected process, loading of the plug-in in the current window is blocked. Blocking the plug-in load protects the protected process in the current window without relying on preset blacklists and whitelists, so the browser can be protected in time and user experience is improved.
In an embodiment, the plug-in protection device further includes a detection module;
The detection module is configured to detect whether the plug-in protection function is enabled in the current window;
The judging module 20 is further configured to perform, if it is detected that the plug-in protection function is enabled in the current window, the step of determining according to the process identifier whether the current process running in the current window is a protected process;
The control module 30 is further configured to control loading of the plug-in according to preset permission management rules if it is detected that the plug-in protection function is not enabled in the current window.
In an embodiment, the control module 30 is further configured to detect the plug-in type of the plug-in; determine the target loading permission corresponding to the plug-in according to the plug-in type and the preset permission management rules; and control loading of the plug-in according to the target loading permission.
In an embodiment, the judging module 20 is further configured to query the preset process list for the target permission information corresponding to the process identifier, and determine the corresponding security check information according to the target permission information; extract a check return value from the security check information; and determine, according to the check return value, whether the current process running in the current window is a protected process.
In an embodiment, the judging module 20 is further configured to use a first check value as the security check information if the target permission information is protected information, and to use a second check value as the security check information if the target permission information is non-protected information.
In an embodiment, the judging module 20 is further configured to determine that the current process is a protected process if the extracted check return value is the first check value, and to determine that the current process is a non-protected process if the extracted check return value is the second check value.
In an embodiment, the control module 30 is further configured to load the plug-in in the current window if the current process is a non-protected process.
In an embodiment, the control module 30 is further configured to obtain the class identifier of the plug-in in the current window; obtain the file information of the plug-in according to the class identifier; and load the plug-in according to the file information.
In an embodiment, the control module 30 is further configured to obtain the class identifier of the plug-in in the current window from the registry through a first path, and to obtain the file information of the plug-in corresponding to the class identifier from the registry through a second path.
In an embodiment, the control module 30 is further configured to obtain the traffic data of the plug-in in real time while it runs, after the plug-in has finished loading; perform a legality check on the traffic data; and control the running plug-in according to the traffic detection result.
In an embodiment, the detection module is further configured to detect whether the traffic data includes user information;
The control module 30 is further configured to delete the file information corresponding to the plug-in from the registry if the traffic data contains the user information, so that the plug-in stops running.
In an embodiment, the plug-in protection device further includes a generating module;
The generating module is configured to generate a loading interception report according to the class identifier corresponding to the plug-in, the process identifier, and the loading blocking operation corresponding to the plug-in, and to display the loading interception report.
It should be understood that the above is only an example and does not limit the technical solution of the present invention in any way. In specific applications, those skilled in the art can make settings as needed, and the present invention places no limitation on this.
It should be noted that the workflow described above is only illustrative and does not limit the protection scope of the present invention. In practical applications, those skilled in the art can select part or all of it according to actual needs to achieve the purpose of the solution of this embodiment, which is not limited here.
In addition, for technical details not described exhaustively in this embodiment, reference may be made to the plug-in protection method provided in any embodiment of the present invention, which will not be repeated here.
Furthermore, it should be noted that in this document the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or system comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or system. Without further limitation, an element qualified by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or system comprising that element.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as read-only memory (ROM)/RAM, a magnetic disk, or an optical disc) and includes several instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (20)

  1. A plug-in protection method, characterized in that the plug-in protection method comprises:
    when it is detected that a plug-in is being loaded in the current window, obtaining the process identifier of the current process running in the current window;
    determining, according to the process identifier, whether the current process running in the current window is a protected process;
    if the current process is a protected process, blocking loading of the plug-in in the current window.
  2. The plug-in protection method according to claim 1, characterized in that, before the determining according to the process identifier whether the current process running in the current window is a protected process, the method further comprises:
    detecting whether the plug-in protection function is enabled in the current window;
    if it is detected that the plug-in protection function is enabled in the current window, performing the step of determining according to the process identifier whether the current process running in the current window is a protected process;
    if it is detected that the plug-in protection function is not enabled in the current window, controlling loading of the plug-in according to preset permission management rules.
  3. The plug-in protection method according to claim 2, characterized in that the controlling loading of the plug-in according to preset permission management rules comprises:
    detecting the plug-in type of the plug-in;
    determining the target loading permission corresponding to the plug-in according to the plug-in type and the preset permission management rules;
    controlling loading of the plug-in according to the target loading permission.
  4. The plug-in protection method according to claim 1, characterized in that the determining according to the process identifier whether the current process running in the current window is a protected process comprises:
    querying the preset process list for the target permission information corresponding to the process identifier, and determining the corresponding security check information according to the target permission information;
    extracting a check return value from the security check information;
    determining, according to the check return value, whether the current process running in the current window is a protected process.
  5. The plug-in protection method according to claim 4, characterized in that the determining the corresponding security check information according to the target permission information comprises:
    if the target permission information is protected information, using a first check value as the security check information;
    if the target permission information is non-protected information, using a second check value as the security check information.
  6. The plug-in protection method according to claim 4, characterized in that the determining according to the check return value whether the current process running in the current window is a protected process comprises:
    if the extracted check return value is the first check value, determining that the current process is a protected process;
    if the extracted check return value is the second check value, determining that the current process is a non-protected process.
  7. 如权利要求1至6中任一项所述的插件防护方法,其特征在于,所述根据所述进程标识符判断所述当前窗口中所运行的当前进程是否为受保护进程之后,还包括:The plug-in protection method according to any one of claims 1 to 6, wherein after determining whether the current process running in the current window is a protected process according to the process identifier, it further includes:
    若所述当前进程为非受保护进程,则加载所述当前窗口中的所述插件。If the current process is an unprotected process, then load the plug-in in the current window.
  8. 如权利要求7所述的插件防护方法,其特征在于,所述加载所述当前窗口中的所述插件,包括:The plug-in protection method according to claim 7, wherein said loading the plug-in in the current window comprises:
    获取所述当前窗口中所述插件的类标识符;Obtain the class identifier of the plug-in in the current window;
    根据所述类标识符获取所述插件的文件信息;Obtaining the file information of the plug-in according to the class identifier;
    根据所述文件信息对所述插件进行加载。The plug-in is loaded according to the file information.
  9. The plug-in protection method according to claim 8, wherein the obtaining the class identifier of the plug-in in the current window comprises:
    obtaining the class identifier of the plug-in in the current window from the registry through a first path;
    correspondingly, the obtaining the file information of the plug-in according to the class identifier comprises:
    obtaining, from the registry through a second path, the file information of the plug-in corresponding to the class identifier.
  10. The plug-in protection method according to claim 7, wherein after the loading the plug-in in the current window if the current process is an unprotected process, the method further comprises:
    after the plug-in has finished loading, obtaining in real time the traffic data of the plug-in during operation;
    performing a legality check on the traffic data;
    controlling the running plug-in according to the traffic detection result.
  11. The plug-in protection method according to claim 10, wherein the performing a legality check on the traffic data comprises:
    detecting whether the traffic data includes user information;
    correspondingly, the controlling the running plug-in according to the traffic detection result comprises:
    if the traffic data includes the user information, deleting the file information corresponding to the plug-in from the registry, so that the plug-in stops running.
  12. The plug-in protection method according to any one of claims 1 to 6, wherein after the preventing the loading of the plug-in in the current window if the current process is a protected process, the method further comprises:
    generating a loading interception report according to the class identifier corresponding to the plug-in, the process identifier, and the load-blocking operation corresponding to the plug-in;
    displaying the loading interception report.
  13. A plug-in protection apparatus, wherein the plug-in protection apparatus comprises:
    an acquisition module, configured to acquire the process identifier of the current process running in the current window when it is detected that a plug-in is being loaded in the current window;
    a judging module, configured to judge, according to the process identifier, whether the current process running in the current window is a protected process;
    a control module, configured to prevent the loading of the plug-in in the current window if the current process is a protected process.
  14. The plug-in protection apparatus according to claim 13, wherein the plug-in protection apparatus further comprises a detection module;
    the detection module is configured to detect whether the plug-in protection function is enabled in the current window;
    the judging module is further configured to judge, according to the process identifier, whether the current process running in the current window is a protected process if it is detected that the plug-in protection function is enabled in the current window;
    the control module is further configured to control the loading of the plug-in according to preset rights management rules if it is detected that the plug-in protection function is not enabled in the current window.
  15. The plug-in protection apparatus according to claim 13, wherein the control module is further configured to load the plug-in in the current window if the current process is an unprotected process.
  16. The plug-in protection apparatus according to claim 15, wherein the control module is further configured to obtain the class identifier of the plug-in in the current window; obtain the file information of the plug-in according to the class identifier; and load the plug-in according to the file information.
  17. The plug-in protection apparatus according to claim 16, wherein the control module is further configured to obtain the class identifier of the plug-in in the current window from the registry through a first path; and obtain, from the registry through a second path, the file information of the plug-in corresponding to the class identifier.
  18. The plug-in protection apparatus according to claim 15, wherein the plug-in protection apparatus further comprises a monitoring module;
    the monitoring module is configured to obtain in real time, after the plug-in has finished loading, the traffic data of the plug-in during operation; perform a legality check on the traffic data; and control the running plug-in according to the traffic detection result.
  19. A plug-in protection device, wherein the plug-in protection device comprises: a memory, a processor, and a plug-in protection program stored in the memory and executable on the processor, the plug-in protection program being configured to implement the steps of the plug-in protection method according to any one of claims 1 to 12.
  20. A storage medium, wherein a plug-in protection program is stored on the storage medium, and when the plug-in protection program is executed by a processor, the steps of the plug-in protection method according to any one of claims 1 to 12 are implemented.
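
The control flow that claims 5 to 12 describe, modelled in memory as an added example (not code from the patent or the applicant). The check values 1 and 0, the dictionaries standing in for the two registry lookups, the byte-string markers for user information, and blocking on any unrecognised check value are assumptions of this example.

```python
from dataclasses import dataclass, field

FIRST_CHECK, SECOND_CHECK = 1, 0   # assumed encodings; the claims name no values
@dataclass
class PluginGuard:
    protected_pids: set      # processes whose authority information is "protected"
    clsid_by_window: dict    # stands in for the registry lookup via the "first path"
    file_by_clsid: dict      # stands in for the registry lookup via the "second path"
    user_markers: tuple      # byte strings treated as user information
    reports: list = field(default_factory=list)
    running: set = field(default_factory=set)

    def check_value(self, pid):
        # Claim 5: protected -> first check value, unprotected -> second.
        return FIRST_CHECK if pid in self.protected_pids else SECOND_CHECK

    def on_plugin_load(self, window, pid, value=None):
        value = self.check_value(pid) if value is None else value
        clsid = self.clsid_by_window.get(window)
        if value != SECOND_CHECK:
            # Claims 1, 6, 12: block and report. Any value other than the
            # second check value is blocked too (added fail-closed choice).
            self.reports.append({"clsid": clsid, "pid": pid, "action": "load blocked"})
            return "blocked"
        path = self.file_by_clsid.get(clsid)   # claims 8-9: CLSID -> file info
        if path is None:
            return "not registered"            # no file information, nothing to load
        self.running.add(clsid)
        return "loaded " + path

    def on_traffic(self, clsid, payload):
        # Claims 10-11: user information in a running plug-in's traffic
        # removes its file information so it stops running.
        if clsid in self.running and any(m in payload for m in self.user_markers):
            self.file_by_clsid.pop(clsid, None)
            self.running.discard(clsid)
            return "stopped"
        return "allowed"

def demo():
    # Constructed sample data: PIDs, window names, CLSIDs and paths are made up.
    g = PluginGuard({4100}, {"pay": "{AAAA}", "news": "{BBBB}"},
                    {"{AAAA}": "C:\\p\\a.dll", "{BBBB}": "C:\\p\\b.dll"},
                    (b"card=", b"user_id="))
    return [g.on_plugin_load("pay", 4100), g.on_plugin_load("news", 5200),
            g.on_plugin_load("news", 5200, value=7),
            g.on_traffic("{BBBB}", b"GET /ad?slot=3"),
            g.on_traffic("{BBBB}", b"POST /c user_id=42"),
            g.on_plugin_load("news", 5200)], g.reports
```

The last call in `demo()` shows the effect of claim 11: once the file information has been deleted, a later load of the same plug-in finds nothing to resolve.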
PCT/CN2021/143643 2021-05-31 2021-12-31 Plug-in protection method and apparatus, and device and storage medium WO2022252609A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110606601.7A CN115964700A (en) 2021-05-31 2021-05-31 Plug-in protection method, device, equipment and storage medium
CN202110606601.7 2021-05-31

Publications (1)

Publication Number Publication Date
WO2022252609A1 (en) 2022-12-08

Family

ID=84323825

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/143643 WO2022252609A1 (en) 2021-05-31 2021-12-31 Plug-in protection method and apparatus, and device and storage medium

Country Status (2)

Country Link
CN (1) CN115964700A (en)
WO (1) WO2022252609A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350711A (en) * 2007-10-15 2009-01-21 北京瑞星国际软件有限公司 Method and device for protecting target process
US20090077664A1 (en) * 2006-04-27 2009-03-19 Stephen Dao Hui Hsu Methods for combating malicious software
CN101414341A (en) * 2007-10-15 2009-04-22 北京瑞星国际软件有限公司 Software self-protection method
CN102902912A (en) * 2012-10-08 2013-01-30 北京奇虎科技有限公司 Mounting-free ActiveX plug-in unit security detection device and method
CN103957205A (en) * 2014-04-25 2014-07-30 国家电网公司 Trojan horse detection method based on terminal traffic
CN104239752A (en) * 2013-06-09 2014-12-24 腾讯科技(深圳)有限公司 Method and apparatus for protecting private information during using of browser
CN109522714A (en) * 2018-09-05 2019-03-26 航天信息股份有限公司 A kind of method and system that target software is protected based on plug-in securing software

Also Published As

Publication number Publication date
CN115964700A (en) 2023-04-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21943961

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE