CN103632097A - Security threat processing method of portable mobile terminal - Google Patents

Info

Publication number
CN103632097A
Authority
CN
China
Prior art keywords
security threat
data
local
clouds
threat
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310684670.5A
Other languages
Chinese (zh)
Inventor
孙巧萍
周宇
郭晓凤
孙知信
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yangzhou Yongxin Computer Co Ltd
Original Assignee
Yangzhou Yongxin Computer Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yangzhou Yongxin Computer Co Ltd filed Critical Yangzhou Yongxin Computer Co Ltd
Priority to CN201310684670.5A priority Critical patent/CN103632097A/en
Publication of CN103632097A publication Critical patent/CN103632097A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)

Abstract

The invention discloses a security threat processing method of a portable mobile terminal. The method comprises the following steps: locally building a light security threat database, matching suspect data, directly processing the suspect data when successfully matching, sending the suspect data to a cloud end when not successfully matching, matching the suspect data with a security threat database of the cloud end by the cloud end, and further processing according to a matching result; no matter cloud-end matching or local matching exists, performing frequency updating on feature information corresponding to the suspect data, and updating the local security threat database according to frequency information to relatively fix the volume of the local security threat database. According to the security threat processing method, most of calculation tasks of security threat processing tasks are transferred to a cloud-end server in a manner of combining cloud computing with terminal detection, so that the performance consumption of the terminal is greatly reduced.

Description

Security threat processing method of portable mobile terminal
Technical field
The present invention relates to a terminal security threat processing method, and in particular to a security threat processing method of a portable mobile terminal.
Background art
With the continuing spread of mobile terminals such as smartphones and tablet computers and the rapid development of mobile Internet technology, mobile phones have become very powerful: more intelligent, complex, personalized, popular and networked, and the number of mobile Internet users is also growing rapidly. Precisely because of these features, portable mobile terminals, smartphones in particular, are also more easily infected by viruses. These viruses can cause a series of problems and bring great harm to individuals and society.
With the development of cloud computing, cloud security, as an application of cloud computing, is being used more and more widely in the smartphone security field. The mainstream architecture adopted by leading anti-virus software companies at home and abroad performs detection locally on the mobile terminal and builds a virus feature database locally. A feature-database method of this kind can only identify known malware such as known viruses; it cannot identify newly emerging viruses or new variants, so the protection is incomplete. Moreover, as the amount of malware such as viruses increases, the features in the feature database keep accumulating, the database grows ever larger, retrieval efficiency during feature matching falls, and the performance impact on the smartphone system becomes more and more serious. As a result, threats to the phone cannot be detected well, and the various threats facing smartphones cannot be effectively addressed.
Summary of the invention
In view of the above deficiencies of the prior art, the object of the invention is to provide a security threat processing method of a portable mobile terminal, solving the problem that a huge local threat database and local threat processing consume a large amount of system resources, so that security threats cannot be processed in a timely and effective manner and system efficiency is seriously affected.
The technical solution of the invention is as follows: a security threat processing method of a portable mobile terminal, characterized by comprising the following steps:
1) The mobile terminal locally monitors for suspicious data during access, and performs local feature matching between the suspicious data and the threat information in the local security threat database;
2) If local feature matching succeeds, the data is processed according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the local temporary database is updated;
3) If local feature matching fails, the suspicious data is sent to the cloud, and cloud feature matching is performed between the suspicious data and the threat information in the cloud security threat database;
4) If cloud feature matching succeeds, the data is processed according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the cloud temporary threat information database, the local security threat database and the local temporary database is updated;
5) If cloud feature matching fails, the cloud analyzes the suspicious data, determines the threat type, extracts feature information and feeds the information back to the local side; the data is processed according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the cloud security threat database, the cloud temporary threat information database, the local security threat database and the local temporary database is updated.
Preferably, updating the cloud security threat database, the cloud temporary threat information database and the local security threat database in step 4) and step 5) means adding the feature information of the suspicious data to the cloud security threat database, the cloud temporary threat information database and the local security threat database.
Preferably, updating the local security threat database in step 4) and step 5) means checking the volume of the local security threat database: if the volume is greater than a preset size, low-frequency security threat data is deleted according to the frequency information of the security threat data in the local temporary database and the feature information of the current suspicious data is added; otherwise the feature information of the suspicious data is added to the local security threat database directly.
The technical solution provided by the invention addresses the limited storage capacity, computing power and battery capacity of portable mobile terminals by combining cloud computing with the mobile terminal. Most of the computing tasks of virus and other security protection are moved to a cloud server and provided to the user as a cloud service, while the mobile terminal performs detection of files and builds and updates a lightweight security threat database. By design, when the local security threat database of the mobile terminal obtains updates from the cloud processing server, it adds the threat features that have occurred frequently in the recent period and at the same time deletes the security threat features that have occurred least in the recent period, based on periodic statistics of security threats. This keeps the local security threat database of the mobile terminal small and detection fast, so that virus detection efficiency is improved while the consumption of system performance by traditional antivirus software is effectively reduced.
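The following Python example is added here and is not part of the patent; it models steps 1) to 5) together with the fixed-volume update of the local security threat database. It assumes that feature information is the SHA-256 digest of the sample and that database volume is counted in entries; the names `feature`, `Cloud`, `Terminal`, `analyzer` and the sample data are hypothetical.

```python
import hashlib
from collections import Counter

def feature(data: bytes) -> str:
    """Assumed feature extraction: SHA-256 of the sample (the patent leaves this open)."""
    return hashlib.sha256(data).hexdigest()

class Cloud:
    def __init__(self, known, analyzer):
        self.threat_db = dict(known)   # cloud security threat database: feature -> type
        self.temp_freq = Counter()     # cloud temporary threat information database
        self.analyzer = analyzer       # hypothetical analysis module: bytes -> type or None

    def match(self, data: bytes):
        f = feature(data)
        source = "cloud"
        if f not in self.threat_db:            # step 5: cloud miss, analyse the sample
            threat_type = self.analyzer(data)
            if threat_type is None:            # assumption: benign samples are not stored
                return None
            self.threat_db[f] = threat_type
            source = "analysis"
        self.temp_freq[f] += 1                 # steps 4 and 5: cloud frequency update
        return self.threat_db[f], source

class Terminal:
    def __init__(self, cloud, capacity, policy):
        self.cloud, self.capacity, self.policy = cloud, capacity, policy
        self.local_db = {}             # lightweight local security threat database
        self.local_freq = Counter()    # local temporary database (hit frequencies)

    def _add_local(self, f, threat_type):
        # Fixed volume: when the local database is full, drop the lowest-frequency entry.
        if f not in self.local_db and len(self.local_db) >= self.capacity:
            victim = min(self.local_db, key=lambda k: self.local_freq[k])
            del self.local_db[victim]
        self.local_db[f] = threat_type

    def handle(self, data: bytes):
        f = feature(data)
        if f in self.local_db:                 # steps 1 and 2: local match
            threat_type, source = self.local_db[f], "local"
        else:                                  # steps 3 to 5: defer to the cloud
            result = self.cloud.match(data)
            if result is None:
                return ("clean", None, "allow")
            threat_type, source = result
            self._add_local(f, threat_type)
        self.local_freq[f] += 1                # frequency update in the local temporary database
        # Predefined security policy, otherwise ask the user.
        return (source, threat_type, self.policy.get(threat_type, "ask_user"))

def demo():
    a, b, c = b"sample-A", b"sample-B", b"sample-C"   # constructed samples
    cloud = Cloud({feature(a): "trojan", feature(b): "sms-fraud", feature(c): "spyware"},
                  analyzer=lambda d: "unknown-malware" if b"EVIL" in d else None)
    term = Terminal(cloud, capacity=2,
                    policy={"trojan": "quarantine", "spyware": "quarantine"})
    samples = (a, a, a, b, c, b, b"EVIL-new", b"hello")
    trace = [term.handle(x)[0] for x in samples]
    return trace, term, cloud

if __name__ == "__main__":
    print(demo()[0])
```

With a capacity of two entries, the frequently seen sample stays in the local database while the less frequent ones are evicted and have to be resolved by the cloud again on their next appearance.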
Description of the drawings
Fig. 1 is an architecture diagram of the local side of the portable mobile terminal and the cloud according to the invention.
Fig. 2 is a flow chart of the security threat processing of the invention.
Embodiment
The invention is further described below with reference to an embodiment, which is not to be taken as limiting the invention.
Referring to Fig. 1, the overall security threat processing of the portable mobile terminal comprises two parts, the terminal local side and the cloud. The cloud part comprises:
Feedback response module: responsible for receiving the suspicious data samples submitted by the terminal, handing them to the analysis module or performing feature matching between them and the cloud security threat database, and feeding back the relevant information;
Analysis module: responsible for analyzing suspicious data samples, determining the threat type, extracting feature information, and feeding the result back to the feedback response module;
Threat data management: the threat data management module is responsible for adding, deleting and modifying threat information in the cloud security threat database;
Cloud security threat database: stores the feature information of the various threats arising on the terminal local side, including feature information of viruses, malware and the like;
Policy library: stores the processing policies for threat information and provides standard security policy query and matching functions;
Cloud temporary threat information database: stores the security threat information that has occurred most frequently in the recent period.
The terminal local part comprises:
Monitoring module: when the user performs operations such as receiving mail or visiting websites, the monitoring module is responsible for monitoring suspicious files, viruses and the like that may appear during access, and matches the suspicious data found against the threat information in the local security threat database. If the match succeeds, subsequent processing is decided according to the security policy of the policy library or by asking the user, and the frequency information in the local temporary database is updated; if the match fails, the suspicious file sample information is uploaded to the cloud for subsequent processing;
User response module: processes according to the policy in the policy library or sends an inquiry to the user, and carries out the next step of processing according to the user's choice;
Threat data management: adds and deletes virus threats and the like in the security threat database according to the security threat statistics from the cloud;
Local security threat database: this module is a lightweight database responsible for storing typical security threat feature information and providing standard virus threat query and matching functions; its volume is fixed and its content is continually updated;
Temporary database: stores information such as the frequency with which threat information has occurred recently, making it possible to apply a pseudo-update to the local threat database, that is, to keep its volume constant.
Referring also to Fig. 2, in the security threat processing method of the portable mobile terminal, the terminal local monitoring module first scans files when the user performs operations such as receiving mail or visiting websites, covering all kinds of transmitted data, documents, executable programs, multimedia files and the like, and determines whether suspicious data exists. If no suspicious data is found, the data is skipped and the next round of scanning and monitoring begins; if suspicious data is found, it is compared against the data in the local security threat database. If local feature matching succeeds, the data is processed according to the predefined security policy, or the user is asked through the user response module and further processing follows the user's choice; the local threat data management module updates the frequency information of the corresponding security threat data in the local temporary database. If local feature matching fails, the suspicious data is sent to the cloud feedback response module, which is responsible for receiving the suspicious data sample submitted by the terminal and performing feature matching against the cloud security threat database. If cloud feature matching succeeds, the result is fed back to the cloud feedback response module and returned to the terminal local side, where the data is processed according to the predefined security policy, or the user is asked through the user response module and further processing follows the user's choice. The cloud threat data management module updates the cloud temporary threat information database, and the local threat data management module updates the frequency information of the corresponding security threat data in the local temporary database and, according to this frequency information, deletes threat data in the local security threat database that has not been matched for a long time and adds the most recently matched threat data to the database, thereby maintaining a relatively fixed volume for the local security threat database. When cloud feature matching fails, the feedback response module sends the suspicious data sample to the analysis module, which analyzes it, determines the threat type and extracts feature information; the result is then returned to the terminal local side through the feedback response module, where the data is processed according to the predefined security policy, or the user is asked through the user response module and further processing follows the user's choice. At the same time, the cloud threat data management module updates the cloud security threat database and the cloud temporary threat information database, and the local threat data management module updates the local security threat database and the local temporary database. With the above security threat processing method, a lightweight security threat database is created and updated locally, and statistics on how frequently recent threat features occur provide the basis for updates and deletions in the threat database, so that the volume of the security threat database stays fixed while the threat information is continually updated and detection is fast. Virus detection efficiency is thus improved while the consumption of system performance by traditional antivirus software is effectively reduced.

Claims (3)

1. A security threat processing method of a portable mobile terminal, characterized by comprising the following steps:
1) The mobile terminal locally monitors for suspicious data during access, and performs local feature matching between the suspicious data and the threat information in the local security threat database;
2) If local feature matching succeeds, the data is processed according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the local temporary database is updated;
3) If local feature matching fails, the suspicious data is sent to the cloud, and cloud feature matching is performed between the suspicious data and the threat information in the cloud security threat database;
4) If cloud feature matching succeeds, the data is processed according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the cloud temporary threat information database, the local security threat database and the local temporary database is updated;
5) If cloud feature matching fails, the cloud analyzes the suspicious data, determines the threat type, extracts feature information and feeds the information back to the local side; the data is processed according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the cloud security threat database, the cloud temporary threat information database, the local security threat database and the local temporary database is updated.
2. The security threat processing method of a portable mobile terminal according to claim 1, characterized in that: updating the cloud security threat database, the cloud temporary threat information database and the local security threat database in step 4) and step 5) means adding the feature information of the suspicious data to the cloud security threat database, the cloud temporary threat information database and the local security threat database.
3. The security threat processing method of a portable mobile terminal according to claim 1, characterized in that: updating the local security threat database in step 4) and step 5) means checking the volume of the local security threat database: if the volume is greater than a preset size, low-frequency security threat data is deleted according to the frequency information of the security threat data in the local temporary database and the feature information of the current suspicious data is added; otherwise the feature information of the suspicious data is added to the local security threat database directly.
CN201310684670.5A 2013-12-13 2013-12-13 Security threat processing method of portable mobile terminal Pending CN103632097A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310684670.5A CN103632097A (en) 2013-12-13 2013-12-13 Security threat processing method of portable mobile terminal

Publications (1)

Publication Number Publication Date
CN103632097A true CN103632097A (en) 2014-03-12

Family

ID=50213133

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310684670.5A Pending CN103632097A (en) 2013-12-13 2013-12-13 Security threat processing method of portable mobile terminal

Country Status (1)

Country Link
CN (1) CN103632097A (en)

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140312