CN103632097A - Security threat processing method of portable mobile terminal - Google Patents


Publication number
CN103632097A
Authority
CN
China
Prior art keywords
security threat
local
data
clouds
high
Application number
CN201310684670.5A
Other languages
Chinese (zh)
Inventor
孙巧萍
周宇
郭晓凤
孙知信
Original Assignee
扬州永信计算机有限公司
Application filed by 扬州永信计算机有限公司
Priority to CN201310684670.5A
Publication of CN103632097A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection

Abstract

The invention discloses a security threat processing method for a portable mobile terminal. The method comprises the following steps: a lightweight security threat database is built locally and suspicious data is matched against it; if the match succeeds, the suspicious data is processed directly; if the match fails, the suspicious data is sent to the cloud, which matches it against the cloud security threat database, and further processing follows from the matching result. Whether the match occurs in the cloud or locally, the frequency of the feature information corresponding to the suspicious data is updated, and the local security threat database is updated according to this frequency information so that its size stays relatively fixed. By combining cloud computing with detection on the terminal, the method transfers most of the computation involved in security threat processing to a cloud server, which greatly reduces the performance cost on the terminal.

Description

Security threat processing method for a portable mobile terminal

Technical field

The present invention relates to a terminal security threat processing method, and in particular to a security threat processing method for a portable mobile terminal.

Background

With the continuing spread of mobile terminals such as smartphones and tablet computers and the rapid development of mobile Internet technology, the functions of mobile phones have become very powerful: more intelligent, complex, personalized, popular and networked. The number of users accessing the Internet from mobile phones is also growing rapidly. Precisely because of these characteristics, portable mobile terminals, and smartphones in particular, are also more easily infected by viruses. These viruses can cause a series of problems and do great harm to both individuals and society.

With the development of cloud computing, cloud security, as an application of cloud computing, is being used more and more widely in the field of smartphone security. The mainstream architecture adopted by leading anti-virus software companies at home and abroad is to perform detection locally on the mobile terminal and to build a virus signature database locally. A signature database built this way can only identify known malware such as known viruses; it cannot identify newly emerging viruses or new variants, so this protection method is incomplete. Moreover, as the amount of malware such as viruses increases, signatures keep accumulating in the database, the database grows larger and larger, retrieval during feature matching becomes less and less efficient, and the impact on the performance of the smartphone system becomes more and more serious. As a result, threats to the phone cannot be detected well, and the various threats facing smartphones cannot be effectively addressed.

Summary of the invention

In view of the above deficiencies of the prior art, the object of the present invention is to provide a security threat processing method for a portable mobile terminal that solves the problem of a huge local threat database and local threat processing consuming a large amount of system resources, so that security threats cannot be handled in a timely and effective manner and system efficiency is seriously affected.

The technical solution of the present invention is as follows: a security threat processing method for a portable mobile terminal, characterized in that it comprises the following steps:

1) The mobile terminal locally monitors for suspicious data during access, and performs local feature matching between the suspicious data and the threat information in the local security threat database;

2) If local feature matching succeeds, the data is handled according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the local temporary database is updated;

3) If local feature matching fails, the suspicious data is sent to the cloud, and cloud feature matching is performed between the suspicious data and the threat information in the cloud security threat database;

4) If cloud feature matching succeeds, the data is handled according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the cloud temporary threat information database, the local security threat database and the local temporary database is updated;

5) If cloud feature matching fails, the cloud analyzes the suspicious data, determines the threat type, extracts feature information and feeds the information back to the terminal; the data is handled according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the cloud security threat database, the cloud temporary threat information database, the local security threat database and the local temporary database is updated.

Preferably, updating the cloud security threat database, the cloud temporary threat information database and the local security threat database as described in step 4) and step 5) means adding the feature information of the suspicious data to the cloud security threat database, the cloud temporary threat information database and the local security threat database.

Preferably, updating the local security threat database as described in step 4) and step 5) means checking the size of the local security threat database: if the size is greater than a preset size, low-frequency security threat data is deleted according to the frequency information of the security threat data in the local temporary database, and the feature information of the current suspicious data is added; otherwise the feature information of the suspicious data is added to the local security threat database directly.

The technical solution provided by the present invention addresses the limited storage capacity, computing power and battery capacity of portable mobile terminals by combining cloud computing with the mobile terminal. Most of the computation for virus and other security protection is moved to a cloud server and provided to the user as a cloud service, while the mobile terminal performs file detection and builds and updates a lightweight security threat database. By design, when the local security threat database of the mobile terminal obtains updates from the cloud processing server, it adds the threat features that have occurred frequently in the recent period and at the same time deletes the security threat features that have occurred least in the recent period, based on periodic statistics of security threats. This keeps the local security threat database of the mobile terminal small and detection fast, so that virus detection efficiency improves while the system performance cost of traditional antivirus software is effectively reduced.

Brief description of the drawings

Fig. 1 is a schematic diagram of the local and cloud architecture of the portable mobile terminal of the present invention.

Fig. 2 is a flow chart of the security threat processing of the present invention.

Embodiment

The invention is further described below with reference to an embodiment, which is not a limitation of the invention.

Referring to Fig. 1, security threat processing for the portable mobile terminal as a whole comprises two parts, the terminal (local) side and the cloud side. The cloud part comprises:

Feedback response module: responsible for receiving the suspicious data samples submitted by the terminal and either handing them to the analysis module or performing feature matching between them and the cloud security threat database, and for feeding back the related information;

Analysis module: responsible for analyzing suspicious data samples, determining the threat type, extracting feature information, and returning the result to the feedback response module;

Threat data management: the threat data management module is responsible for adding, deleting and modifying threat information in the cloud security threat database;

Cloud security threat database: stores the feature information of the various threats arising locally on terminals, including the feature information of viruses, malware and the like;

Policy library: stores the handling policies for threat information and provides standard security policy query and matching functions;

Cloud temporary threat information database: stores the security threat information that has occurred most frequently in the recent period.

The terminal-local part comprises:

Monitoring module: when the user performs operations such as receiving mail or visiting websites, the monitoring module is responsible for monitoring for suspicious files, viruses and the like that may appear during access, and matches the resulting suspicious data against the threat information in the local security threat database. If the match succeeds, subsequent handling is decided according to the security policy in the policy library or by asking the user, and the frequency information in the local temporary database is updated; if the match fails, the suspicious file sample information is uploaded to the cloud for subsequent processing;

User response module: handles the threat according to the policy library or sends a query to the user, and carries out the next step according to the user's choice;

Threat data management: adds, deletes and otherwise maintains the virus threats in the threat security database according to the threat statistics from the cloud;

Local security threat database: a lightweight database responsible for storing typical security threat feature information and providing standard virus threat query and matching functions; its size is fixed and its content is continually updated;

Temporary database: stores information such as how frequently threat information has occurred in the recent period, so that a pseudo-update of the local threat database can be performed, that is, its size is kept constant.

Referring to Fig. 2, in the security threat processing method for the portable mobile terminal, the terminal-local monitoring module first scans files when the user performs operations such as receiving mail or visiting websites, including all kinds of transmitted data, documents, executable programs, multimedia files and so on, and determines whether suspicious data is present. If no suspicious data is found, the data is skipped and the next monitoring scan begins; if suspicious data is found, it is compared against the data in the local security threat database.

If local feature matching succeeds, the data is handled according to the predefined security policy, or the user is asked through the user response module and further handling follows the user's choice; the local threat data management module updates the frequency information of the corresponding security threat data in the local temporary database.

If local feature matching fails, the suspicious data is sent to the cloud feedback response module, which is responsible for receiving the suspicious data sample submitted by the terminal and performing feature matching against the cloud security threat database. If cloud feature matching succeeds, the result is fed back to the cloud feedback response module and then returned to the terminal, where the data is handled according to the predefined security policy, or the user is asked through the user response module and further handling follows the user's choice. The cloud threat data management module updates the cloud temporary threat information database, and the local threat data management module updates the frequency information of the corresponding security threat data in the local temporary database. According to this frequency information, threat data in the local security threat database that has not been matched for a long time is deleted and the most recently matched threat data is added, which keeps the local security threat database at a relatively fixed size.

When cloud feature matching fails, the feedback response module sends the suspicious data sample to the analysis module, which analyzes it, determines the threat type and extracts feature information; the result is then returned to the terminal through the feedback response module, where the data is handled according to the predefined security policy, or the user is asked through the user response module and further handling follows the user's choice. At the same time, the cloud threat data management module updates the cloud security threat database and the cloud temporary threat information database, and the local threat data management module updates the local security threat database and the local temporary database.

With the above security threat processing method, a lightweight security threat database is created and updated locally, and the frequency with which recent threat features occur is counted. These counts provide the basis for deletions when the threat database is updated, so that the size of the security threat database stays fixed while the threat information is continually updated and detection remains fast. Virus detection efficiency thus improves while the system performance cost of traditional antivirus software is effectively reduced.
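The two-tier lookup and the fixed-size local database update described above can be sketched as follows. This is an added example, not code from the patent: the SHA-256 feature, the size limit counted in entries, the "clean" outcome of analysis, the analyzer stand-in and all class, function and sample names are assumptions.

```python
import hashlib
from collections import Counter


def feature(data: bytes) -> str:
    # Assumption: "feature information" is modelled as a SHA-256 digest.
    return hashlib.sha256(data).hexdigest()


class Cloud:
    """Cloud side: full threat database, temporary store, analysis module."""

    def __init__(self, known, analyzer):
        self.threat_db = dict(known)  # feature -> threat type
        self.recent = Counter()       # cloud temporary threat information database
        self.analyzer = analyzer      # hypothetical stand-in for the analysis module

    def lookup(self, data):
        feat = feature(data)
        threat, source = self.threat_db.get(feat), "cloud-match"  # step 3
        if threat is None:                                         # step 5
            threat, source = self.analyzer(data), "cloud-analysis"
            if threat is None:
                return feat, None, "clean"  # assumption: analysis may find no threat
            self.threat_db[feat] = threat
        self.recent[feat] += 1
        return feat, threat, source


class Terminal:
    """Terminal side: fixed-size local database plus frequency counters."""

    def __init__(self, cloud, max_entries):
        self.cloud = cloud
        self.max_entries = max_entries  # assumption: "size" counted in entries
        self.local_db = {}              # local security threat database
        self.freq = Counter()           # local temporary database

    def _admit(self, feat, threat):
        # Claim 3: when full, delete the lowest-frequency entry, then add.
        if feat not in self.local_db and len(self.local_db) >= self.max_entries:
            victim = min(self.local_db, key=lambda f: self.freq[f])
            del self.local_db[victim]
        self.local_db[feat] = threat

    def scan(self, data):
        feat = feature(data)
        threat = self.local_db.get(feat)          # step 1
        if threat is not None:                    # step 2
            self.freq[feat] += 1
            return threat, "local-match"
        feat, threat, source = self.cloud.lookup(data)
        if threat is None:
            return None, "clean"
        self.freq[feat] += 1                      # steps 4 and 5
        self._admit(feat, threat)
        return threat, source


def run_demo():
    # Constructed samples; the marker string is made up for this example.
    known = {feature(b"sample-A"): "trojan", feature(b"sample-B"): "worm"}
    analyzer = lambda d: "unclassified" if b"CONSTRUCTED-MARKER" in d else None
    term = Terminal(Cloud(known, analyzer), max_entries=2)
    inputs = [b"sample-A", b"sample-A", b"sample-B",
              b"x CONSTRUCTED-MARKER x", b"benign note", b"sample-B"]
    return term, [term.scan(d) for d in inputs]


if __name__ == "__main__":
    for verdict in run_demo()[1]:
        print(verdict)
```

In the demo, the rarely seen sample-B is evicted when the newly analyzed sample is admitted, so its next appearance costs a cloud round trip again; this is the trade-off the fixed local size implies.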

Claims (3)

1. A security threat processing method for a portable mobile terminal, characterized in that it comprises the following steps:
1) The mobile terminal locally monitors for suspicious data during access, and performs local feature matching between the suspicious data and the threat information in the local security threat database;
2) If local feature matching succeeds, the data is handled according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the local temporary database is updated;
3) If local feature matching fails, the suspicious data is sent to the cloud, and cloud feature matching is performed between the suspicious data and the threat information in the cloud security threat database;
4) If cloud feature matching succeeds, the data is handled according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the cloud temporary threat information database, the local security threat database and the local temporary database is updated;
5) If cloud feature matching fails, the cloud analyzes the suspicious data, determines the threat type, extracts feature information and feeds the information back to the terminal; the data is handled according to a predefined security policy or by asking the user, and the frequency information of the corresponding security threat data in the cloud security threat database, the cloud temporary threat information database, the local security threat database and the local temporary database is updated.
2. The security threat processing method for a portable mobile terminal according to claim 1, characterized in that: updating the cloud security threat database, the cloud temporary threat information database and the local security threat database as described in step 4) and step 5) means adding the feature information of the suspicious data to the cloud security threat database, the cloud temporary threat information database and the local security threat database.
3. The security threat processing method for a portable mobile terminal according to claim 1, characterized in that: updating the local security threat database as described in step 4) and step 5) means checking the size of the local security threat database: if the size is greater than a preset size, low-frequency security threat data is deleted according to the frequency information of the security threat data in the local temporary database, and the feature information of the current suspicious data is added; otherwise the feature information of the suspicious data is added to the local security threat database directly.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310684670.5A CN103632097A (en) 2013-12-13 2013-12-13 Security threat processing method of portable mobile terminal


Publications (1)

Publication Number Publication Date
CN103632097A true CN103632097A (en) 2014-03-12

Family

ID=50213133



Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20140312