CN103150510A - Method and device for processing malicious behaviors of software - Google Patents
Method and device for processing malicious behaviors of software Download PDFInfo
- Publication number
- CN103150510A CN103150510A CN2013100866160A CN201310086616A CN103150510A CN 103150510 A CN103150510 A CN 103150510A CN 2013100866160 A CN2013100866160 A CN 2013100866160A CN 201310086616 A CN201310086616 A CN 201310086616A CN 103150510 A CN103150510 A CN 103150510A
- Authority
- CN
- China
- Prior art keywords
- malicious act
- malware
- software
- classification
- malicious
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a method and a device for processing malicious behaviors of software, wherein the method comprises the following steps: scanning software to obtain a scanning result; analyzing the malicious software in the scanning result, and classifying the malicious software according to a preset malicious behavior category; and displaying the malicious behavior category and information of the malicious software under the malicious behavior category. By classifying the malicious software and displaying the name, the icon and the virus name of the displayed malicious software, a user can know which software has malicious behaviors, the safety identification degree of the user on the mobile phone software is improved, and the user can further process the malicious software conveniently.
Description
Technical field
The present invention relates to field of computer information security, especially a kind of disposal route of software malicious act and device.
Background technology
Along with constantly popularizing of smart mobile phone, mobile phone viruses becomes the next target of virus development.Mobile phone viruses is a kind of destructive program, and the same with computer virus (program) have infectiousness, a destructiveness.Mobile phone viruses can utilize and send note, multimedia message, and Email browses web sites, and downloads the tinkle of bells, and the modes such as bluetooth are propagated.Mobile phone viruses may cause user mobile phone deadlock, shutdown, data to be deleted, outwards sends spam, call etc., even also can damage the hardware such as SIM card, chip.Along with the development of mobile phone, the increasing of handset program, mobile phone safety more and more is subject to people's spectators.
Mobile phone viruses has multiple malicious act at present, and each malicious act is different for user's influence degree.The user is also different for the acceptance level of various malicious acts.As shown in Figure 1, existing security protection software can only be told the Mobile phone program and whether comprise the malicious act code, can not pass to exactly the meaning of client's malicious act code representative, the user can't learn that the malicious act of handset program is on user's impact.Can not accurately know for the malicious act that various mobile phone rogue programs produce.
Summary of the invention
Purpose of the present invention overcomes the deficiencies in the prior art exactly, provides to show intuitively various malicious act classifications disposal route and the device of a kind of software malicious act of the information of the Malware that comprises under the malicious act classification.
In order to achieve the above object, adopt following technical scheme:
A kind of disposal route of software malicious act comprises the following steps:
Step 1: scanning software obtains scanning result;
Step 2: the Malware in the analysis scan result, Malware is sorted out according to default malicious act classification;
Step 3: the information that shows the Malware under described malicious act classification and described malicious act classification.
Further, described step 1 comprises: utilize the fail-safe software scanning software, obtaining the described software of fail-safe software judgement is the scanning result of normal software or Malware.
Further, described step 2 comprises the following steps:
Extract the malicious act code of Malware;
Malware is included into the default malicious act classification that comprises described malicious act code.
Further, described information comprises one or more information in the malice handset program quantity of virus name, Malware set-up time or described malicious act classification of icon, Malware of installation kit name, the Malware of title, the Malware of Malware.
A kind for the treatment of apparatus of software malicious act comprises:
Scan module is used for scanning software, obtains scanning result;
Analyze classifying module, be used for the Malware of analysis scan result, Malware is sorted out according to default malicious act classification;
Display module is for the information that shows the Malware under described malicious act classification and described malicious act classification.
Further, described default malicious act classification comprises one or more classifications that consume in rate class, backstage popularization class, privacy leakage class, system destruction class or Long-distance Control class.
Further, described classification classifying module comprises analytic unit, sorts out unit and malicious act code database; Described analytic unit is used for extracting the malicious act code of Malware, described malicious act code database is used for storage malicious act code, the malicious act code of the malicious act code that described classification unit is used for more described Malware and default malicious act classification is included into the malicious act code of Malware the malicious act classification at identical with it malicious act code place.
Further, described information comprises one or more information in the malice handset program quantity of virus name, Malware set-up time or described malicious act classification of icon, Malware of installation kit name, the Malware of title, the Malware of Malware.
Compared with prior art, beneficial effect of the present invention is:
The present invention can show various malicious act classifications intuitively, the information such as quantity of Malware under the title of the Malware that comprises under the malicious act classification, virus name, icon and this classification.The user can learn which kind of malicious act various malice handset programs have, the impact of this malicious act on the user from the malicious act classification that shows.
Description of drawings
Fig. 1 is the display effect figure that prior art shows the malice handset program;
Fig. 2 is the process flow diagram of the disposal route of software malicious act of the present invention;
Fig. 3 is the display effect figure of the disposal route of software malicious act of the present invention;
Fig. 4 is the module map of the treating apparatus of software malicious act of the present invention.
Diagram: 1-scan module; 2-analysis classifying module; 21-analytic unit; 22-classification unit; 23-malicious act code database; 3-display module.
Embodiment
Describe the present invention in detail below in conjunction with accompanying drawing and specific implementation method, be used for explaining the present invention in schematic enforcement of the present invention and explanation, but not as a limitation of the invention.
See also Fig. 1, it is that existing software is to the design sketch of the processing of malicious act.
See also Fig. 2, it shows the flow chart of steps of method for a kind of processing to the software malicious act of the present invention, comprise the following steps:
S1: the scanning cell phone program obtains scanning result.
Particularly, utilize the mobile phone fail-safe software that handset program is scanned, obtaining mobile phone fail-safe software judgement handset program is the scanning result of malice handset program or normal handset program.
S2: the malice handset program in the analysis scan result, the malice handset program is sorted out according to default malicious act classification.
Particularly, the malice handset program in the analysis scan result, actual be malicious act code and default malicious act classification by extracting the malice handset program the malicious act code relatively.Described malicious act classification comprises and is not limited only to consume that rate class, backstage are promoted class, privacy is revealed one or more classifications in class, system destruction class or Long-distance Control class etc.Concrete classification can be done different adjustment according to different security situations and consumers' opinions.If described malicious act code is identical with the malicious act code of any malicious act classification, the malice handset program at malicious act code place is included into described malicious act classification.For example, the mobile phone fail-safe software is found a malice handset program, extract the malicious act code of this malice handset program, with the malicious act code in malicious act code and all malicious act classification relatively, if in comparative result, this malicious act code is identical with the malicious act code that consumes the rate class, should be included in consumption rate class by the malice handset program.The malicious act of described consumption rate class comprises the behavior of deducting fees that allows without the user, is in particular in automatic networking, automatically subscribes to value-added service etc.Described backstage is promoted class and is comprised without the user and allow to read beyond the clouds promotion message, and be arranged on mobile phone by recommendation or default installation form, be in particular in by display advertising or font advertisement promotion, be connected to corresponding popularization address, watch picture, word or click to realize the popularization of advertising message by the user.Described privacy is revealed class and is comprised without the user and allow to read the fileinfo in mobile phone and be uploaded to high in the clouds; Described system destruction class comprises that the setting of change system causes system to work; Described Long-distance Control class is included in far-end connection mobile phone and realizes remote controlling mobile phone etc.
S3: the information that shows the malice handset program under described malicious act classification and described malicious act classification.
Particularly, the information that shows the malice handset program under described malicious act classification and described malicious act classification, described information comprise and are not limited only to one or more information in the malice handset program quantity of virus name, Malware set-up time or described malicious act classification of icon, Malware of installation kit name, the Malware of title, the Malware of Malware.As shown in Figure 3, show the malice handset program quantity under malicious act classification, this malicious act classification, show icon, title and the virus name of each malice handset program.
See also Fig. 4, it is a kind of classification display device to the handset program malicious act, and it comprises scan module 1, analyzes classifying module 2 and display module 3.
Described scan module 1 is used for utilizing the mobile phone fail-safe software that handset program is scanned, and obtaining mobile phone fail-safe software judgement handset program is the scanning result of malice handset program or normal handset program.Scan module 1 is sent to the malice handset program and analyzes classifying module 2.
Analyze the malice handset program that classifying module 2 is used for the analysis scan result, the malice handset program is sorted out according to default malicious act classification.Described analysis classifying module 2 comprises analytic unit 21, sorts out unit 22 and malicious act code database 23.Described analytic unit 21 extracts the malicious act code of malice handset program, is sent to sort out unit 22.Described malicious act code database 23 storage malicious act codes.The malicious act code of 22 comparative analysis unit 21, described classification unit and default malicious act code database 23 storage malicious act codes, if described malicious act code is identical with the malicious act code of any malicious act classification, the malice handset program at malicious act code place is included into described malicious act classification.Described default malicious act classification comprises one or more classifications that consume in rate class, backstage popularization class, privacy leakage class, system destruction class or Long-distance Control class etc.Concrete classification can be done different adjustment according to different security situations and consumers' opinions.The malicious act of described consumption rate class comprises the behavior of deducting fees that allows without the user, comprises automatically the behavior of sending short messages, consuming surfing flow.Described backstage is promoted class and is comprised the permission without the user, reads beyond the clouds promotion message.For example software is directly installed or is recommended and installs.The malice handset program is in particular in by display advertising or font advertisement promotion by recommending or the default installation form is arranged on mobile phone, is connected to corresponding popularization address, watches picture, word or click to realize the popularization of advertising message by the user.Described privacy is revealed class and is comprised without the user and allow to read the fileinfo in mobile phone and be uploaded to high in the clouds.Described fileinfo comprises the geographic position, message registration, contacts list, phone number, mobile phone state, ID etc.Described system destruction class comprises that the setting of change system causes system to work; Described Long-distance Control class is included in far-end connection mobile phone and realizes remote controlling mobile phone etc.
The user can learn that by title, icon and the virus name of the malice handset program that shows concrete which kind of handset program is the malice handset program, and which kind of malicious act this malice handset program has.The user can draw a basic concept and determine which malicious act can not receive by these classification, then pin utilizes the mobile phone fail-safe software operation such as to forbid to these malicious acts.
The above technical scheme that the embodiment of the present invention is provided is described in detail, used specific case herein principle and the embodiment of the embodiment of the present invention are set forth, the explanation of above embodiment is only applicable to help to understand the principle of the embodiment of the present invention; Simultaneously, for one of ordinary skill in the art, according to the embodiment of the present invention, all will change on embodiment and range of application, in sum, this description should not be construed as limitation of the present invention.
Claims (8)
1. the disposal route of a software malicious act, is characterized in that, comprises the following steps:
Step 1: scanning software obtains scanning result;
Step 2: the Malware in the analysis scan result, Malware is sorted out according to default malicious act classification;
Step 3: the information that shows the Malware under described malicious act classification and described malicious act classification.
2. the disposal route of software malicious act according to claim 1, is characterized in that, described step 1 comprises:
Utilize the fail-safe software scanning software, obtaining the described software of fail-safe software judgement is the scanning result of normal software or Malware.
3. the disposal route of the software malicious act of stating according to claim 1 is characterized in that, described step 2 comprises the following steps:
Extract the malicious act code of Malware;
Malware is included into the default malicious act classification that comprises described malicious act code.
4. the disposal route of software malicious act according to claim 1 is characterized in that: described information comprises one or more information in the malice handset program quantity of virus name, Malware set-up time or described malicious act classification of icon, Malware of installation kit name, the Malware of title, the Malware of Malware.
5. the treating apparatus of a software malicious act, is characterized in that, comprising:
Scan module is used for scanning software, obtains scanning result;
Analyze classifying module, be used for the Malware of analysis scan result, Malware is sorted out according to default malicious act classification;
Display module is for the information that shows the Malware under described malicious act classification and described malicious act classification.
6. the treating apparatus of software malicious act according to claim 5, its feature exists: described default malicious act classification comprises and consumes that rate class, backstage are promoted class, privacy is revealed one or more classifications in class, system destruction class or Long-distance Control class.
7. the treating apparatus of software malicious act according to claim 5 is characterized in that: described classification classifying module comprises analytic unit, sorts out unit and malicious act code database; Described analytic unit is used for extracting the malicious act code of Malware, described malicious act code database is used for storage malicious act code, the malicious act code of the malicious act code that described classification unit is used for more described Malware and default malicious act classification is included into the malicious act code of Malware the malicious act classification at identical with it malicious act code place.
8. the treating apparatus of software malicious act according to claim 5 is characterized in that: described information comprises one or more information in the malice handset program quantity of virus name, Malware set-up time or described malicious act classification of icon, Malware of installation kit name, the Malware of title, the Malware of Malware.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013100866160A CN103150510A (en) | 2013-03-18 | 2013-03-18 | Method and device for processing malicious behaviors of software |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013100866160A CN103150510A (en) | 2013-03-18 | 2013-03-18 | Method and device for processing malicious behaviors of software |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103150510A true CN103150510A (en) | 2013-06-12 |
Family
ID=48548582
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013100866160A Pending CN103150510A (en) | 2013-03-18 | 2013-03-18 | Method and device for processing malicious behaviors of software |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103150510A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103500311A (en) * | 2013-09-30 | 2014-01-08 | 北京金山网络科技有限公司 | Software testing method and system |
| CN103646213A (en) * | 2013-09-26 | 2014-03-19 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for classifying malicious software |
| CN104866770A (en) * | 2014-02-20 | 2015-08-26 | 腾讯科技(深圳)有限公司 | Sensitive data scanning method and sensitive data scanning system |
| CN106934284A (en) * | 2015-12-30 | 2017-07-07 | 北京金山安全软件有限公司 | Application program detection method and device and terminal |
| CN107045609A (en) * | 2017-04-28 | 2017-08-15 | 努比亚技术有限公司 | Method, storage medium and the mobile terminal of detecting system security |
| CN107368856A (en) * | 2017-07-25 | 2017-11-21 | 深信服科技股份有限公司 | Clustering method and device, the computer installation and readable storage medium storing program for executing of Malware |
| CN110390185A (en) * | 2018-04-20 | 2019-10-29 | 武汉安天信息技术有限责任公司 | Packet is beaten again using detection method, regular base construction method and relevant apparatus |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101304426A (en) * | 2008-07-10 | 2008-11-12 | 腾讯科技(深圳)有限公司 | Method and device for recognizing and reporting questionable document |
| US20100269178A1 (en) * | 2005-10-06 | 2010-10-21 | Ogilvie John W | Detecting Surreptitious Spyware |
| US20120317217A1 (en) * | 2009-06-22 | 2012-12-13 | United Parents Online Ltd. | Methods and systems for managing virtual identities |
| CN102110220B (en) * | 2011-02-14 | 2013-01-23 | 宇龙计算机通信科技(深圳)有限公司 | Application program monitoring method and device |
-
2013
- 2013-03-18 CN CN2013100866160A patent/CN103150510A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100269178A1 (en) * | 2005-10-06 | 2010-10-21 | Ogilvie John W | Detecting Surreptitious Spyware |
| CN101304426A (en) * | 2008-07-10 | 2008-11-12 | 腾讯科技(深圳)有限公司 | Method and device for recognizing and reporting questionable document |
| US20120317217A1 (en) * | 2009-06-22 | 2012-12-13 | United Parents Online Ltd. | Methods and systems for managing virtual identities |
| CN102110220B (en) * | 2011-02-14 | 2013-01-23 | 宇龙计算机通信科技(深圳)有限公司 | Application program monitoring method and device |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103646213A (en) * | 2013-09-26 | 2014-03-19 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for classifying malicious software |
| CN103646213B (en) * | 2013-09-26 | 2016-06-01 | 北京神州绿盟信息安全科技股份有限公司 | The sorting technique of a kind of malice software and device |
| CN103500311A (en) * | 2013-09-30 | 2014-01-08 | 北京金山网络科技有限公司 | Software testing method and system |
| CN103500311B (en) * | 2013-09-30 | 2016-08-31 | 北京金山网络科技有限公司 | software detecting method and system |
| CN104866770A (en) * | 2014-02-20 | 2015-08-26 | 腾讯科技(深圳)有限公司 | Sensitive data scanning method and sensitive data scanning system |
| CN104866770B (en) * | 2014-02-20 | 2020-12-04 | 腾讯科技(深圳)有限公司 | Sensitive data scanning method and system |
| CN106934284A (en) * | 2015-12-30 | 2017-07-07 | 北京金山安全软件有限公司 | Application program detection method and device and terminal |
| CN106934284B (en) * | 2015-12-30 | 2020-02-11 | 北京金山安全软件有限公司 | Application program detection method and device and terminal |
| CN107045609A (en) * | 2017-04-28 | 2017-08-15 | 努比亚技术有限公司 | Method, storage medium and the mobile terminal of detecting system security |
| CN107368856A (en) * | 2017-07-25 | 2017-11-21 | 深信服科技股份有限公司 | Clustering method and device, the computer installation and readable storage medium storing program for executing of Malware |
| CN110390185A (en) * | 2018-04-20 | 2019-10-29 | 武汉安天信息技术有限责任公司 | Packet is beaten again using detection method, regular base construction method and relevant apparatus |
| CN110390185B (en) * | 2018-04-20 | 2022-08-09 | 武汉安天信息技术有限责任公司 | Repackaging application detection method, rule base construction method and related device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103150510A (en) | Method and device for processing malicious behaviors of software | |
| CN108701038B (en) | Method for displaying advertisement by terminal, terminal and advertisement delivery system | |
| US8769030B2 (en) | Device event notification registration through direct interaction with mobile device | |
| CN102063299A (en) | Method and device for assessing application running condition of mobile terminal, mobile terminal | |
| US20120222120A1 (en) | Malware detection method and mobile terminal realizing the same | |
| KR102355973B1 (en) | Apparatus and method for detecting smishing message | |
| CN105323261A (en) | Data detection method and device | |
| CN104717616A (en) | Push message management method and device | |
| CN104580133A (en) | Malicious program protection method and system and filtering table updating method thereof | |
| CN103118326A (en) | Information pushing method, information pushing device and information pushing system based on geographical location information | |
| CN104615731A (en) | Two-dimension code display method and system | |
| CN102541853A (en) | Method and device which are capable of obtaining application information by utilizing browser address bar | |
| CN102799643A (en) | Mobile platform advertisement filtering method | |
| CN103369486A (en) | System and method for preventing fraud SMS (Short message Service) message | |
| CN107145780A (en) | Malware detection method and device | |
| US20160026728A1 (en) | Interaction Method And Device Between Browsers And Browser | |
| CN103533522A (en) | Short message auditing method and system | |
| CN102340424A (en) | Bad message detection method and bad message detection device | |
| CN105975861A (en) | Application detection method and device | |
| KR20140078013A (en) | Method and system for providing coupon service | |
| US20160055336A1 (en) | System for preventing malicious intrusion based on smart device and method thereof | |
| CN103354540A (en) | Method and device for detecting malicious codes of android system | |
| CN103220277A (en) | Method, device and system for monitoring cross site scripting attacks | |
| CN105207842B (en) | The method and system of the plug-in feature detection of Android | |
| CN103366150A (en) | Barcode recognition method for mobile terminal and mobile terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130612 |