CN101802805A - Method for verifying application programs and controlling the execution thereof - Google Patents

Method for verifying application programs and controlling the execution thereof Download PDF

Info

Publication number
CN101802805A
CN101802805A CN 200880101647 CN200880101647A CN101802805A CN 101802805 A CN101802805 A CN 101802805A CN 200880101647 CN200880101647 CN 200880101647 CN 200880101647 A CN200880101647 A CN 200880101647A CN 101802805 A CN101802805 A CN 101802805A
Authority
CN
China
Prior art keywords
application program
execution
dll
verification data
subscriber computer
Prior art date
Application number
CN 200880101647
Other languages
Chinese (zh)
Other versions
CN101802805B (en
Inventor
丁相权
金相完
李东根
Original Assignee
普兰蒂网络有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to KR20070077657A priority Critical patent/KR100918626B1/en
Priority to KR10-2007-0077657 priority
Application filed by 普兰蒂网络有限公司 filed Critical 普兰蒂网络有限公司
Priority to PCT/KR2008/004485 priority patent/WO2009017382A2/en
Publication of CN101802805A publication Critical patent/CN101802805A/en
Application granted granted Critical
Publication of CN101802805B publication Critical patent/CN101802805B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Abstract

Disclosed is a method for verifying and controlling execution of application programs which searches for the application programs, such as P2P program or messenger programs, or game files not permitted by an administrator, such as parents, subjected to being prevented from arbitrary execution so as to control whether to intercept or permit the execution of the application program, and classifies the application programs for every category so as to control the interception or the permission of the execution of the application program according to the environment setting policy set for every category, said method comprises: the steps of establishing an application program verification data DB, in which the collected application program files are classified for every program category so as to generate the application program verification data DB; transmitting the application program verification data DB to a user's computer; postponing the execution of the application program of the user's computer when the execution of the application program of the user's computer is initialized, and extracting the verification data of the executed application program; and searching for the application program verification data DB with the verification data with respect to the application program desired to be used in the user's computer and controlling the interception or permission of the execution of the application program according to the environment settling policy for every category.

Description

Be used for verifying application programs and control the method for its execution
Technical field
The present invention relates to being installed on the control of the application program in the subscriber computer, and relate in particular to a kind of system and method that is used for the execution of controlling application program, this system and method judges to carry out which kind of application program in subscriber computer, and the execution that the application program that comprises in the classification is set is controlled.
Background technology
In the various application programs in being installed on subscriber computer, not only have the file of downloading and installing according to user's request, also have the user to the accurate essence of program and unwitting situation under wrong Virus or the application process file of installing.And such situation may take place: in by the computing machine of a plurality of user captures and use (as the computing machine that uses in family), it is not program execute file known to the main user that child user has been installed.Especially, may carry out very likely to children and provide the relevant program execute file of the P2P in the path that obtains harmful information or messenger programs or not by game file that keeper such as father and mother allowed.Therefore, the demand for a kind of like this system or method increases gradually: this system and method provides search will be prevented from the program of not controlled execution and has prevented to carry out the ability of this program.
Review provides the prior art of this ability, a solution has been proposed, in this scheme, periodic search is stored in the execute file name (xxx.exe) or the specific character string of the specific part of whole procedure in the disk of subscriber computer or application program, if the program that searches out subsequently corresponding to program controlled, then should be deleted this program.In alternative solution, the execute file name (xxx.exe) or the specific character string of the whole procedure that search is in real time carried out in subscriber computer or the specific part of application program, if the program that searches out subsequently corresponding to program controlled, then should be tackled this program implementation.
Yet the execute file name (xxx.exe) of application program can arbitrarily be changed, thereby has limited the effect of the prior art of search execute file name (xxx.exe) unfriendly.And the specific part of analyzing whole procedure or program has following problem with the prior art of search specific character string: wherein, in the step of executive process, have sizable burden being used to carry out on the processor of each program.In addition, prior art can not provide a kind of like this classification control: wherein, various application programs can be divided into several classifications, and judge execution or interception application program according to each classification.
Summary of the invention
Technical matters
Therefore, the present invention is devoted to solve the above-mentioned problems in the prior art, and the invention provides a kind of method that is used for the execution of controlling application program file, this method at first comprises based on the verification msg of unique existence in the application file sets up application program classification validation database for each classification, and verification msg is to collect through the various application program execute files of acquisitions such as the Internet by analyzing.And, the described method that is used to control further comprises: the application program validation database of classifying is downloaded to subscriber computer (for example PC), in subscriber computer, make the execution of application program postpone a bit of time before the executive utility, from application program, extract verification msg, and whether judge the verification msg that extracts, thereby can realize controlling according to the execution of the application programs of judging as a result corresponding to each project that is stored in the application program verification data database in the subscriber computer.
In addition, the present invention also is devoted to solve the above-mentioned problems in the prior art, and the invention provides and a kind ofly be used for distinguishing the classification of the application program of carrying out at subscriber computer and according to the method for coming the execution of application programs to allow or tackle at the control sequence of each classification setting.
Technical scheme
According to a scheme of the present invention, a kind of also method of the execution of controlling application program that is used to verify is provided, may further comprise the steps:
Set up application program verification data DB, wherein, the analysis of application program verification server is for the required DLL (dynamic link library) of process of each application file executive utility of collecting through the Internet etc., if there is the DLL that can distinguish application program among the DLL that loads, then extract unique DLL, if do not have the DLL that can distinguish application program among the DLL that loads, the metamessage that then extracts application program is as identifier, and is that each program classification generates application program verification data DB;
Send application program verification data DB, wherein, the application program verification data DB that will generate in the step of setting up application program verification data DB sends to subscriber computer;
Extract the application program verification data of subscriber computer, wherein, when initialization is carried out in the execution of application program in to subscriber computer, postpone the execution of application program, extract the DLL of application program or metamessage subsequently as the program verification data; And
The execution of the application program of checking and control subscriber computer, wherein, utilization is desirably in the verification msg of the application program of using in the subscriber computer and comes search for application verification msg DB, if there is no Dui Ying project, then allow the execution of the application program postponed, and the verification msg that extracts sent to the application program verification server, if and have corresponding project, then interception or the permission of carrying out according to the execution of controlling application programs at the environment Provisioning Policy of each classification among the application program verification data DB.
Beneficial effect
Application process file when the mistake installation, Virus, the program execute file that main user did not expect, the relevant execute file or the messenger programs of P2P in the path that obtains harmful information very likely is provided for children, in the time of can not being carried out by game file that keeper such as father and mother allowed etc., effect of the present invention is: if detect the execution of application program in subscriber computer, then make this execution postpone a bit of time, whether from application program, extract verification msg that verification msg extracts with search corresponding to each project that is stored in the application program classification validation database in the subscriber computer, and should prevent the program arbitrarily carried out according to Search Results search, tackle or allow thereby control the whether execution of application programs.In addition, effect of the present invention also is: classify at each classification application programs, thereby control interception or the permission that the execution of application programs is carried out according to the environment Provisioning Policy that is provided with at each classification.
Description of drawings
Fig. 1 is the process flow diagram that an one exemplary embodiment of the present invention is shown;
Fig. 2 is the process flow diagram that illustrates according to an one exemplary embodiment of the historical step of the execution that additionally comprises records application program of the present invention/interception;
Fig. 3 is the process flow diagram that specifically illustrates according to the step of the renewal application program verification data DB of another one exemplary embodiment of the present invention;
Fig. 4 is the process flow diagram that specifically illustrates according to the step of setting up application program verification data DB of an one exemplary embodiment of the present invention;
Fig. 5 is the process flow diagram that specifically illustrates according to a process of an one exemplary embodiment of the present invention, in this process, by the step S300 of the application program verification data that are stored in the Agent execution extraction subscriber computer in the subscriber computer, and the step S400 of the execution of the application program of checking and control subscriber computer;
Fig. 6 is the diagrammatic sketch of system that is constructed to implement described method that illustrates according to an one exemplary embodiment of the present invention;
Fig. 7 be illustrate according to an one exemplary embodiment of the present invention be used to verify and the diagrammatic sketch of the Agent of the execution of controlling application program;
Fig. 8 is the diagrammatic sketch that the file of verification msg DB is shown according to the present invention.
The brief description of the Reference numeral the in<accompanying drawing 〉
S100: set up application program verification data DB
S200: send application program verification data DB
S300: the application program verification data of extracting subscriber computer
S400: the checking and the execution of the application program of control subscriber computer
S500: the execution of records application program/interception is historical
S110: carry out Agent
S120: executive utility
S130: extract the DLL that loads
S140: the DLL that has unique loading?
S150: extract metamessage
S160: add project to verification msg DB
100: the application program verification server
The 110:(authentication server) application program verification data DB
200: subscriber computer
The 210:(subscriber computer) application program verification data DB 210
Embodiment
Below, with structure and the step of describing with reference to the accompanying drawings according to the execution of the checking of an one exemplary embodiment of the present invention and controlling application program.
Referring to Fig. 1 to Fig. 6, according to an one exemplary embodiment of the present invention be used to verify and the method for the execution of controlling application program comprises:
Step S100, set up application program verification data DB, wherein, application program verification server 100 is analyzed the required DLL of process for each application file executive utility of collecting through the Internet etc., if there is the DLL that can distinguish application program among the DLL that loads, then extract unique DLL, if do not have the DLL that can distinguish application program among the DLL that loads, the metamessage that then extracts application program is as identifier, and is that each program classification generates application program verification data DB;
Step S200 sends application program verification data DB, and wherein, the application program verification data DB that will generate in the step S100 that sets up application program verification data DB sends to subscriber computer 200;
Step S300, extract the application program verification data of subscriber computer, wherein, when initialization is carried out in the execution of application program in to subscriber computer 200, postpone the execution of this application program, extract the DLL of application program or metamessage subsequently as the program verification data; And
Step S400, the execution of the application program of checking and control subscriber computer, wherein, utilization is desirably in the verification msg of the application program of using in the subscriber computer and comes search for application verification msg DB, if there is no Dui Ying project, then allow the execution of the application program postponed, and the verification msg that extracts sent to application program verification server 100, if and have corresponding project, then interception or the permission of carrying out according to the execution of controlling application programs at the environment Provisioning Policy of each classification among the application program verification data DB.
Fig. 2 shows an one exemplary embodiment of the step of the execution/interception history that additionally comprises records application program, as shown in Figure 2, preferably, after the step S400 of control checking and execution, further comprise step S500: the execution of records application program/interception is historical, wherein, the permission that the execution of record application programs is carried out in the application program verification data DB of subscriber computer or the history of interception.
More specifically, in the step S100 that sets up application program verification data DB, analyze the required DLL of executive utility, wherein, the verification msg DB that distinguishes application program is made up of the information of the DLL that loads.For example, at general messenger programs of analysis such as MSN, during the executive process of NateOn etc., load specific unique DLL to carry out this program.In addition, the patch even universal program gets beat up, the reformed possibility of this unique DLL is also very little, thus advantageously, the application program verification data DB that comprises unique DLL does not need frequent updating.
In addition, in application program is not load under the situation of program of its unique DLL, for example be present in Card Games in the Windows auxiliary routine, Freecell (Freecell) etc., described program is mounted with the common DLL that uses in other program, thereby is difficult to extract unique DLL information of corresponding program.Yet in the present invention, the metamessage (title of Windows, the image name of execute file etc.) that extracts application program is as the verification msg that can distinguish application program.
Each classification at program is classified to the verification msg (unique DLL or metamessage) that extracts, and set up application program verification data DB 110, the input of the particular Hash value that DLL and the metamessage of the message pick-up that comprises among the DB by handler file obtains, and by application program verification data DB being sent to the step S200 of subscriber computer 200, the application program verification data DB 110 that will generate in authentication server 100 is stored among the application program verification data DB 210 of subscriber computer 200, thereby the execution of various types of application programs of carrying out in can the 210 pairs of subscriber computers of application program verification data DB based on subscriber computer 200 is controlled.
Simultaneously, Fig. 3 has specifically illustrated the step according to the renewal application program verification data DB of another one exemplary embodiment of the present invention, as shown in Figure 3, more preferably, be used to verify that also the method for the execution of controlling application program further comprises step S600: upgrade application program verification data DB, wherein, when starting subscriber computer 200, carry out Agent, and the application program verification data DB 210 of subscriber computer and the application program verification data DB 110 of application program verification server 100 compared, if the application program verification data DB 210 of subscriber computer is up-to-date, then it will be identified, if and these application program verification data DB 210 is not up-to-date, then upgrade application program verification data DB210.
The above-mentioned step S100 that sets up application program verification data DB is implemented by the Agent that is stored in the application program verification server 100, and, Fig. 4 shows the concrete steps of setting up application program verification data DB according to an one exemplary embodiment of the present invention, as shown in Figure 4, preferably include: the step S110 that carries out Agent, wherein, carry out Agent; The step S120 of executive utility, wherein, executive utility; Extract the step S130 of the DLL that loads, wherein, carry out the DLL that is used for the required basic loading of executive utility; Judge the step S140 of unique DLL, wherein, judge in the DLL of the basic loading that extracts, whether there is unique DLL that can distinguish application program; Extract the step S150 of metamessage, wherein, do not have unique DLL, then extract the metamessage of application program if determine according to the result of step S140; And the step S160 that adds verification msg DB search item, wherein, add unique DLL that in the step S130 that extracts the DLL that loads, extracts or the application program metamessage that in the step S150 that extracts metamessage, extracts to verification msg DB as search item.
The application program metamessage that extracts in step S150 can comprise the Windows title of application program, the filename of execution reflection etc.
In addition, the step S400 of the execution of the application program of the step S300 of the application program verification data of extraction subscriber computer and checking and control subscriber computer can be carried out by the Agent that is stored in the subscriber computer.
Describe step S300 and S400 in detail with reference to Fig. 5, the step S300 that extracts the application program verification data of subscriber computer comprises: step S310, detect the starting point that application program is carried out in the subscriber computer; Step S320 postpones the execution of application program; Step S330 extracts the required DLL of executive utility from application program; And step S340, from application program, extract metamessage.
Step S310 and S320 are described particularly, the opertaing device that operation is implemented with the form of Agent when starting subscriber computer, load verification msg DB, begin to detect the operation that application program is carried out, if and in subscriber computer, detect the starting point that application program is carried out, the then at first execution of delay routine.
In addition, in step S300, extract the process of the DLL that loads and use such method: utilize the relevant api function of process that in Windows, is provided with to extract the DLL of loading, and the application program metamessage that extracts in step S340 can comprise the Windows title of application program, the filename of execution reflection etc.
And, as shown in Figure 5, the step S400 of execution of the application program of checking and control subscriber computer comprises: step S410, search from the application program of subscriber computer, extract as the DLL of verification msg or metamessage whether corresponding to the project of the application program verification data DB 210 of subscriber computer; Step S420 is if the result is for being then to classify at each classification application programs among the verification msg DB in step S410; Step S430 is according to judge that at the control strategy of each classification of being classified whether the execution of application programs is tackled in step S420; Step S440 and S450, the execution of application programs allows or tackles; And step S460 and S470, if the result then sends to verification msg application program verification server 100, and the execution of application program in the subscriber computer is allowed for not in step S410.
The file that comprises among the application program verification data DB 110 and 210 can be subdivided into P2P program classification PR10, games classification PR20, messenger programs classification PR30, other program classification PR40 etc. at each classification, and is extremely shown in Figure 8 as Fig. 6.In addition, in the step S440 and S450 that allow according to the execution of judging step S430 that the whether execution of application programs is tackled and application programs at the control strategy of each classification of in step S420, being classified or tackle, only whether can be provided with by user's environment setting the execution of the application program that comprises among the games classification PR20 is tackled, perhaps application program and P2P messenger programs classification PR10 to comprising among the games classification PR20, the execution of the application program that comprises among the messenger programs classification PR30 etc. is tackled together, thereby can satisfy user's various demands.In addition, even carrying out under the situation that not only is blocked but also is allowed to, it also is recorded and stores for the execution of each other application program of application class and the history of interception, so that can be used as statistical data by the historical step S500 of the execution/interception of records application program.
Referring to Fig. 6, a kind of system of the execution according to checking of the present invention and controlling application program comprises: application program verification server 100, it is used to analyze the required DLL of process for the application program executive utility file of collecting through the Internet etc., if there is the DLL that can distinguish application program among the DLL that loads, then extract unique DLL, if application program does not comprise this DLL, then extract among the DLL that loads and to distinguish the metamessage of application program, and be that each program classification generates and renewal application program verification data DB 110; And subscriber computer 200, it comprises the application program verification data DB 210 that sends to subscriber computer from the application program verification server, and checking and execution control module 220, checking and execution control module 220 are used for postponing the execution of application program when the execution of subscriber computer application program is initialised, and extract the DLL of performed application program and metamessage as verification msg, the verification msg that utilization extracts is come search for application verification msg DB, if there is no Dui Ying project, then the execution of application programs is removed delay and the verification msg that extracts is sent to authentication server, if and have corresponding project among the application program verification data DB, then come the execution of application programs to tackle or allow according to environment Provisioning Policy at each classification.
According to one exemplary embodiment of the present invention, preferably, checking and execution control module 220 are implemented with the form of software, and by being used to verify that also the Agent of the execution of controlling application program is implemented.As shown in Figure 7, preferably, be used to verify and the Agent of the execution of controlling application program further comprises: for the permission/interception control setting unit 221 of each classification, it is used for setting in advance permission or the interception that the execution of application programs is carried out by the user for each classification; Program is carried out real-time detecting unit 222, and it is used for detecting the initialization that the subscriber computer application program is carried out; Carry out to allow or interception historical record unit 223, its historical record that is used for permission that the execution of application programs is carried out or interception is to application program verification data DB 220; Verification msg DB updating block 224, it is used for the application program verification data DB 210 of subscriber computer and the application program verification data DB110 of application program verification server 100 are compared to upgrade; And carry out and interception notification unit 225, it is used for execution or interception are notified to the user.
Although described technical spirit of the present invention with reference to the accompanying drawings, this description does not limit the present invention, but the preferred embodiments of the present invention only have been described.And, it will be appreciated by those skilled in the art that under the prerequisite that does not break away from technical spirit of the present invention and scope, can carry out variations and modifications.
In addition, scope of the present invention by claim but not the scope of detailed instructions limit, and, should be appreciated that all changes that are derived from claim or modification and equivalents thereof all belong to scope of the present invention.

Claims (7)

1. one kind is used to verify the also method of the execution of controlling application program, may further comprise the steps:
(S100) set up application program verification data DB, wherein, the analysis of application program verification server is for the required DLL of process of each application file executive utility of collecting via the Internet etc., if there is the DLL that can distinguish application program among the DLL that loads, then extract unique DLL, if do not have the DLL that can distinguish application program among the DLL that loads, the metamessage that then extracts application program is as identifier, and be each program classification generation application program verification data DB;
(S200) send application program verification data DB, wherein, the application program verification data DB that will generate in the step of setting up application program verification data DB (S100) sends to subscriber computer;
(S300) extract the application program verification data of subscriber computer, wherein, when initialization is carried out in the execution of application program in to subscriber computer, postpone the execution of described application program, extract the DLL of application program or metamessage subsequently as the program verification data; And
(S400) execution of the application program of checking and control subscriber computer, wherein, utilization is desirably in the verification msg of the application program of using in the subscriber computer and comes search for application verification msg DB, if there is no Dui Ying project, then allow the execution of the application program postponed, and the verification msg that extracts sent to described application program verification server, if and have corresponding project, then interception or the permission of carrying out according to the execution of controlling application programs at the environment Provisioning Policy of each classification among the application program verification data DB.
2. the method for claim 1, in the step (S400) of controlling checking and carrying out afterwards, further comprise step (S500): the execution of records application program/interception is historical, wherein, the permission that the execution of record application programs is carried out in the application program verification data DB of subscriber computer or the history of interception.
3. method as claimed in claim 1 or 2, further comprise step (S600): upgrade application program verification data DB, wherein, when starting subscriber computer, the application program verification data DB of subscriber computer and the application program verification data DB of application program verification server are compared to upgrade.
4. method as claimed in claim 3, wherein, the step (S100) of setting up application program verification data DB may further comprise the steps:
(S110) carry out Agent, wherein, carry out Agent;
(S120) executive utility, wherein, executive utility;
(S130) extract the DLL that loads, wherein, carry out the DLL that is used for the required basic loading of executive utility;
(S140) judge unique DLL, wherein, judge in the DLL of the basic loading that extracts, whether there is unique DLL that can distinguish application program;
(S150) extract metamessage, wherein, do not have unique DLL, then extract the metamessage of application program if determine according to the result of step (S140); And
(S160) add verification msg DB search item, wherein, unique DLL that will extract in the step (S130) of the DLL that extract to load or the application program metamessage that extracts in the step (S150) of extracting metamessage add verification msg DB to as search item.
5. method as claimed in claim 4, wherein, the application program metamessage that extracts in the step (S150) of extracting metamessage comprises the Windows title of application program, the filename of execution reflection etc.
6. method as claimed in claim 3, wherein, the step (S400) of the execution of the application program of the step (S300) of the application program verification data of extraction subscriber computer and checking and control subscriber computer is carried out by the Agent that is stored in the subscriber computer
The step (S300) of extracting the application program verification data of subscriber computer may further comprise the steps:
(S310) detect the starting point that application program is carried out in the subscriber computer;
(S320) execution of delay application program;
(S330) from application program, extract the required DLL of executive utility; And
(S340) from application program, extract metamessage, and
The step (S400) of the execution of the application program of checking and control subscriber computer may further comprise the steps:
(S410) search from the application program of subscriber computer, extract as the DLL of verification msg or metamessage whether corresponding to the project of the application program verification data DB of subscriber computer;
(S420) if the result is for being then to classify at each classification application programs among the verification msg DB in step (S410);
(S430) according to judging that at the control strategy of each classification of in step (S420), being classified whether the execution of application programs is tackled;
The execution of (S440 and S450) application programs allows or tackles; And
(S460 and S470) is if the result then sends to verification msg the application program verification server, and the execution of application program in the subscriber computer is allowed for not in step (S410).
7. method as claimed in claim 6, wherein, the application program metamessage that extracts in step (S340) comprises the Windows title of application program, the filename of execution reflection etc.
CN 200880101647 2007-08-02 2008-08-01 Method for verifying application programs and controlling the execution thereof CN101802805B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
KR20070077657A KR100918626B1 (en) 2007-08-02 2007-08-02 Method for verifying application programs and controlling the execution thereof
KR10-2007-0077657 2007-08-02
PCT/KR2008/004485 WO2009017382A2 (en) 2007-08-02 2008-08-01 Method for verifying application programs and controlling the execution thereof

Publications (2)

Publication Number Publication Date
CN101802805A true CN101802805A (en) 2010-08-11
CN101802805B CN101802805B (en) 2012-07-18

Family

ID=40305069

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200880101647 CN101802805B (en) 2007-08-02 2008-08-01 Method for verifying application programs and controlling the execution thereof

Country Status (4)

Country Link
KR (1) KR100918626B1 (en)
CN (1) CN101802805B (en)
TW (1) TWI419005B (en)
WO (1) WO2009017382A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102968338A (en) * 2012-12-13 2013-03-13 北京奇虎科技有限公司 Method and device for classifying application program of electronic equipment and electronic equipment
CN103092604A (en) * 2012-12-13 2013-05-08 北京奇虎科技有限公司 Application program classification method and device
CN103366104A (en) * 2013-07-22 2013-10-23 腾讯科技(深圳)有限公司 Method and device for controlling accessing of application
CN104272318A (en) * 2012-05-10 2015-01-07 丰田自动车株式会社 Software distribution system, software distribution method

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100970567B1 (en) * 2009-08-24 2010-07-16 박한규 Method for firewalling using program database
KR101138746B1 (en) * 2010-03-05 2012-04-24 주식회사 안철수연구소 Apparatus and method for preventing malicious codes using executive files
KR101369250B1 (en) * 2011-12-29 2014-03-06 주식회사 안랩 Server, client and method for verifying integrity of data in peer to peer based network
AU2013207269A1 (en) * 2012-01-06 2014-07-24 Optio Labs, LLC Systems and methods for enforcing security in mobile computing
KR101995260B1 (en) * 2012-04-30 2019-07-02 삼성전자 주식회사 Method and system for providing app service
KR101594643B1 (en) * 2012-11-22 2016-02-16 단국대학교 산학협력단 Method for detecting software piracy and theft based on partial information of executable file, and apparatus therefor
CN103246595B (en) 2013-04-08 2016-06-08 小米科技有限责任公司 Application management method, device, server and terminating unit
KR101593899B1 (en) 2014-04-03 2016-02-15 주식회사 엘지씨엔에스 Cloud computing method, clould computing server performing the same and storage media storing the same
KR101654973B1 (en) * 2014-04-30 2016-09-06 단국대학교 산학협력단 Apparatus and method for software filtering
KR101700413B1 (en) * 2015-09-24 2017-02-13 주식회사 오앤파트너스 Method and system for integrity check of integrit of program
KR101899149B1 (en) * 2018-04-30 2018-09-14 에스엠테크놀러지(주) Abnormal Process Monitoring and Controlling System and Method, Recording Medium for Performing the Method

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7093135B1 (en) * 2000-05-11 2006-08-15 Cybersoft, Inc. Software virus detection methods and apparatus
US7363657B2 (en) * 2001-03-12 2008-04-22 Emc Corporation Using a virus checker in one file server to check for viruses in another file server
US7600222B2 (en) * 2002-01-04 2009-10-06 Microsoft Corporation Systems and methods for managing drivers in a computing system
JP4487490B2 (en) * 2003-03-10 2010-06-23 ソニー株式会社 Information processing apparatus, access control processing method, information processing method, and computer program
CN1581144A (en) * 2003-07-31 2005-02-16 上海市电子商务安全证书管理中心有限公司 Digital certificate local identification method and system
CN100395721C (en) * 2003-12-20 2008-06-18 鸿富锦精密工业(深圳)有限公司 System and method for centralized monitoring of limited program
KR100611679B1 (en) * 2004-07-30 2006-08-10 주식회사 뉴테크웨이브 A system for early prevention of computer virus and a method therefor
JP4733509B2 (en) * 2005-11-28 2011-07-27 株式会社野村総合研究所 Information processing apparatus, information processing method, and program

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104272318A (en) * 2012-05-10 2015-01-07 丰田自动车株式会社 Software distribution system, software distribution method
CN104272318B (en) * 2012-05-10 2016-11-02 丰田自动车株式会社 software distribution system, software distribution method
CN102968338A (en) * 2012-12-13 2013-03-13 北京奇虎科技有限公司 Method and device for classifying application program of electronic equipment and electronic equipment
CN103092604A (en) * 2012-12-13 2013-05-08 北京奇虎科技有限公司 Application program classification method and device
CN103092604B (en) * 2012-12-13 2016-09-21 上海欧拉网络技术有限公司 A kind of application program sorting technique and device
CN102968338B (en) * 2012-12-13 2016-12-21 上海欧拉网络技术有限公司 Method, device and the electronic equipment classified for the application program of electronic equipment
CN103366104A (en) * 2013-07-22 2013-10-23 腾讯科技(深圳)有限公司 Method and device for controlling accessing of application

Also Published As

Publication number Publication date
TW200912696A (en) 2009-03-16
CN101802805B (en) 2012-07-18
WO2009017382A2 (en) 2009-02-05
KR100918626B1 (en) 2009-09-25
TWI419005B (en) 2013-12-11
WO2009017382A3 (en) 2009-04-16
KR20090013483A (en) 2009-02-05

Similar Documents

Publication Publication Date Title
Costin et al. Automated dynamic firmware analysis at scale: a case study on embedded web interfaces
US10447730B2 (en) Detection of SQL injection attacks
JP2018142372A (en) System and method for automated memory and thread execution anomaly detection in computer network
Barmpatsalou et al. A critical review of 7 years of Mobile Device Forensics
US8978137B2 (en) Method and apparatus for retroactively detecting malicious or otherwise undesirable software
JP5454715B2 (en) Virtual machine operation system, virtual machine operation method and program
Arshad et al. Samadroid: a novel 3-level hybrid malware detection model for android operating system
US9424428B2 (en) Method and system for real time classification of events in computer integrity system
US10235524B2 (en) Methods and apparatus for identifying and removing malicious applications
Caballero et al. Measuring pay-per-install: the commoditization of malware distribution.
US9348998B2 (en) System and methods for detecting harmful files of different formats in virtual environments
CN101213555B (en) Methods and apparatus for dealing with malware
Comparetti et al. Identifying dormant functionality in malware programs
US8056136B1 (en) System and method for detection of malware and management of malware-related information
US8689330B2 (en) Instant messaging malware protection
CN101714931B (en) Early warning method, device and system of unknown malicious code
KR101620931B1 (en) Similar malicious code retrieval apparatus and method based on malicious code feature information
KR20160114037A (en) Automated runtime detection of malware
AU2004202974B2 (en) Automatic detection and patching of vulnerable files
US7472420B1 (en) Method and system for detection of previously unknown malware components
US7089552B2 (en) System and method for verifying installed software
CN101986323B (en) Method and system for detection of previously unknown malware
CN1740945B (en) Method and system for identifying potential unwanted software
US8713680B2 (en) Method and apparatus for modeling computer program behaviour for behavioural detection of malicious program
RU2530210C2 (en) System and method for detecting malware preventing standard user interaction with operating system interface

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
GR01 Patent grant
C14 Grant of patent or utility model
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120718

Termination date: 20170801

CF01 Termination of patent right due to non-payment of annual fee