CN103824015B - Application program control method, device and system - Google Patents
Application program control method, device and system Download PDFInfo
- Publication number
- CN103824015B CN103824015B CN201410067493.0A CN201410067493A CN103824015B CN 103824015 B CN103824015 B CN 103824015B CN 201410067493 A CN201410067493 A CN 201410067493A CN 103824015 B CN103824015 B CN 103824015B
- Authority
- CN
- China
- Prior art keywords
- behavior
- program
- plug
- application program
- triggering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Abstract
The invention discloses an application program control method, device and system, wherein the application program control method comprises the following steps that the application program is run, weather the application program is a tag-on service or not is judged, if the application program is judged to be the tag-on service, behavior of the application program during run time is monitored, when the behavior of the application program during the run time triggers a defense point, the relationship between the behavior of the triggering defense point and the tag-on service is acquired, and the behavior of the triggering defense point is controlled according to the relationship between the behavior of the triggering defense point and the tag-on service. By means of the application program control method, when the application program is judged to be the tag-on service, the normal use of a user can be guaranteed and malicious activities in the tag-on service can also be intercepted, so that the safety of a terminal system can be guaranteed, besides, the behavior of the tag-on service can be set as default or release, the harassment to the user caused by the frequent triggering defense point of the tag-on service can be avoided, and user experience is improved.
Description
Technical field
The present invention relates to field of computer technology, more particularly to a kind of control method of application program, device and system.
Background technology
With flourishing for various game, game plug-in program also increasingly rises.Because plug-in program is by similar
What the method for Virus was modified to game data, therefore, plug-in program can be mistaken for Virus by antivirus software, and
Causing substantial amounts of game user cannot normally use plug-in program.At present, most of antivirus softwares can be to plug-in program as evil
Meaning program is intercepted, and points out user to select to operate the treatment of plug-in program.
But, realize it is of the invention during, inventor find prior art at least there is problems with, user is not
Technical staff, it is difficult to judge whether plug-in program is rogue program.If user's selection intercepts some necessity in plug-in program
Operation can then cause the plug-in program cannot to run;And plug-in program is easy to be used to binding rogue program and is propagated, such as
Fruit user lets pass to this kind of plug-in program, then can the terminal of user be used of seat belts to endanger.Additionally, plug-in program
Frequently triggering defence stand causes harassing and wrecking to user, reduces Consumer's Experience.
The content of the invention
It is contemplated that at least solving above-mentioned technical problem to a certain extent.
Therefore, the purpose of the first aspect of the present invention is to propose a kind of control method of application program, can be in application
When program is plug-in program, it is ensured that the malicious act in plug-in program is intercepted while user normally uses, it is to avoid
Plug-in program frequently triggers defence stand and harassing and wrecking is caused to user.
The purpose of the second aspect of the present invention is to propose a kind of control device of application program.
The purpose of third aspect present invention is to propose a kind of control system of application program.
The purpose of fourth aspect present invention is to propose a kind of client terminal device.
It is that up to above-mentioned purpose, embodiment proposes a kind of control method of application program according to a first aspect of the present invention, wraps
Include:Operation application program, and plug-in program storehouse is inquired about to judge whether the application program is plug-in program;If it is determined that described
Application program is plug-in program, then monitor application program behavior in the process of running;When the application program is in operation
During behavior triggering defence stand when, obtain the relation between the behavior of the triggering defence stand and the plug-in program;With
And trigger the defence stand according to the relation pair between the behavior for triggering the defence stand and the plug-in program
Behavior is controlled.
The control method of the application program of the embodiment of the present invention, can monitor when application program is judged for plug-in application program
Behavior in application program running, when there is behavior to trigger defence stand, according to the relation between the behavior and plug-in program
The behavior is controlled, for example, then the behavior is let pass if necessary sexual intercourse, if non-essential relation then
The behavior is intercepted.So as to, it is ensured that user normally using plug-in program while the malicious act in plug-in program is entered
Row is intercepted, it is ensured that the system safety of terminal.Additionally, can carry out giving tacit consent to interception or clearance to the behavior of plug-in program, it is to avoid outer
Extension program frequently triggers defence stand and harassing and wrecking is caused to user, lifts Consumer's Experience.
The embodiment of the second aspect of the present invention provides a kind of control device of application program, including:Program runs mould
Block, for running application program;Judge module, for inquiring about plug-in program storehouse to judge whether the application program is plug-in journey
Sequence;Monitoring module, exists for when the judge module judges the application program for plug-in program, monitoring the application program
Behavior in running;Acquisition module, when triggering defence stand for the behavior when the application program in the process of running, obtains
Take the relation between the behavior and the plug-in program for triggering the defence stand;And control module, for according to the triggering
The behavior that the defence stand is triggered described in relation pair between the behavior of the defence stand and the plug-in program is controlled.
The control device of the application program of the embodiment of the present invention, can monitor when application program is judged for plug-in application program
Behavior in application program running, when there is behavior to trigger defence stand, according to the relation between the behavior and plug-in program
The behavior is controlled, for example, then the behavior is let pass if necessary sexual intercourse, if non-essential relation then
The behavior is intercepted.So as to, it is ensured that user normally using plug-in program while the malicious act in plug-in program is entered
Row is intercepted, it is ensured that the system safety of terminal.Additionally, can carry out giving tacit consent to interception or clearance to the behavior of plug-in program, it is to avoid outer
Extension program frequently triggers defence stand and harassing and wrecking is caused to user, lifts Consumer's Experience.
The embodiment of third aspect present invention provides a kind of control system of application program, including:Second party of the present invention
The application program controlling device of the embodiment in face;And server, wherein, the server includes plug-in program storehouse.
The control system of the application program of the embodiment of the present invention, can be judged by the plug-in program storehouse inquired about in server should
Whether it is plug-in program with program, and when judging that application program is plug-in application program in monitoring application program running
Behavior, when there is behavior to trigger defence stand, is controlled, example according to the relation pair behavior between the behavior and plug-in program
Such as, then the behavior is let pass if necessary sexual intercourse, then the behavior is intercepted if non-essential relation.From
And, it is ensured that user normally using plug-in program while the malicious act in plug-in program is intercepted, it is ensured that terminal is
System safety.Additionally, can carry out giving tacit consent to interception or clearance to the behavior of plug-in program, it is to avoid plug-in program frequently triggers defence stand
Harassing and wrecking are caused to user, Consumer's Experience is lifted.
The embodiment of fourth aspect present invention provides a kind of client terminal device, including:Shell, display, circuit board and
Processor, wherein, circuit board is placed in the interior volume that shell is surrounded, and display is connected in housing exterior with circuit board,
Processor is set on circuit boards;Processor is used for processing data, and specifically for performing following steps:Operation application program,
And plug-in program storehouse is inquired about to judge whether the application program is plug-in program;If it is determined that the application program is plug-in journey
Sequence, then monitor application program behavior in the process of running;When application program behavior triggering in the process of running
During defence stand, the relation between the behavior of the triggering defence stand and the plug-in program is obtained;And according to the triggering institute
State and the behavior of the defence stand is triggered described in the relation pair between the behavior of defence stand and the plug-in program be controlled.
The client terminal device of the embodiment of the present invention, can monitor application program when application program is judged for plug-in application program
Behavior in running, when there is behavior to trigger defence stand, according to the relation pair behavior between the behavior and plug-in program
It is controlled, for example, then the behavior is let pass if necessary sexual intercourse, if non-essential relation then to the behavior
Intercepted.So as to, it is ensured that user normally using plug-in program while the malicious act in plug-in program is intercepted, protect
Demonstrate,prove the system safety of terminal.Additionally, can carry out giving tacit consent to interception or clearance to the behavior of plug-in program, it is to avoid plug-in program is frequent
Triggering defence stand causes harassing and wrecking to user, lifts Consumer's Experience.
Additional aspect of the invention and advantage will be set forth in part in the description, and will partly become from the following description
Obtain substantially, or recognized by practice of the invention.
Brief description of the drawings
Of the invention above-mentioned and/or additional aspect and advantage will become from description of the accompanying drawings below to embodiment is combined
Substantially and be readily appreciated that, wherein:
Fig. 1 is the flow chart of the control method of the application program according to one embodiment of the invention.
Fig. 2 is the flow chart of the control method of the application program according to another embodiment of the present invention.
Fig. 3 is the structural representation of the control device of the application program according to one embodiment of the invention.
Fig. 4 is the structural representation of the control device of the application program according to another embodiment of the present invention.
Fig. 5 is the structural representation of the control system of the application program according to one embodiment of the invention.
Specific embodiment
Embodiments of the invention are described below in detail, the example of the embodiment is shown in the drawings, wherein from start to finish
Same or similar label represents same or similar element or the element with same or like function.Below with reference to attached
It is exemplary to scheme the embodiment of description, is only used for explaining the present invention, and is not considered as limiting the invention.
In the description of the invention, it is to be understood that term " " center ", " longitudinal direction ", " transverse direction ", " on ", D score,
The orientation or position relationship of the instruction such as "front", "rear", "left", "right", " vertical ", " level ", " top ", " bottom ", " interior ", " outward " are
Based on orientation shown in the drawings or position relationship, it is for only for ease of and describes the present invention and simplify to describe, rather than instruction or dark
Showing the device or element of meaning must have specific orientation, with specific azimuth configuration and operation therefore it is not intended that right
Limitation of the invention.Additionally, term " first ", " second " are only used for describing purpose, and it is not intended that indicating or implying relative
Importance.
In the description of the invention, it is necessary to illustrate, unless otherwise clearly defined and limited, term " installation ", " phase
Company ", " connection " should be interpreted broadly, for example, it may be being fixedly connected, or being detachably connected, or be integrally connected;Can
Being to mechanically connect, or electrically connect;Can be joined directly together, it is also possible to be indirectly connected to by intermediary, Ke Yishi
Two connections of element internal.For the ordinary skill in the art, with concrete condition above-mentioned term can be understood at this
Concrete meaning in invention.
Below with reference to the accompanying drawings control method, device and the system of application program according to embodiments of the present invention described.
For the necessity in can guarantee that plug-in program while the malicious act being implanted in plug-in program is effectively intercepted
Behavior operation can be performed normally, and embodiments of the invention propose a kind of control method of application program.
Fig. 1 is the flow chart of the control method of the application program according to one embodiment of the invention.As shown in figure 1, according to
The control method of the application program of the embodiment of the present invention, including:
S101, runs application program, and inquire about plug-in program storehouse to judge whether application program is plug-in program.
In one embodiment of the invention, when application program is run, when the process initiation where the application program
The process is hung up, is then inquired about and be whether there is the application program in plug-in program database, if there is the application program, then
Judge that the application program is plug-in program, if there is no the application program, then judge that the application program is not plug-in program, and
Whether it is to call the process to continue to run with this again after plug-in program is marked to the application program according to the application program
Application program.
In an embodiment of the present invention, plug-in program database is to be identified from the program in cloud server or network
The database of the numerous plug-in programs composition for going out.Specifically, cloud server can be logical from the existing program sample of cloud server
Cross keyword search and search doubtful plug-in program, or webpage is scanned for by spiders or to known plug-in website
It is monitored to obtain doubtful plug-in program.Then, the operating environment information of these doubtful plug-in programs is obtained respectively, for example,
For plug-in program of playing, corresponding game environment and game operation are obtained, and then transport according to operating environment information simulation
Row these doubtful plug-in programs, and obtain the key in behavior sequence and running in running in pop-up window
Word, if behavior sequence is plug-in behavior pattern and/or keyword and plug-in keyword match, can be by the doubtful plug-in program
It is defined as plug-in program.
Wherein, plug-in behavior pattern be to games data or the behavior sequence modified to system data in itself,
As input method injection behavior, Remote thread injecting behavior, long-distance inner read-write behavior, the behavior of system core target releasing document,
One or more in shutdown behavior, load driver program behavior, addition startup item behavior and modification main browser page behavior
Behavior etc..Plug-in keyword is the distinctive keyword of plug-in program, and such as plug-in, auxiliary, brush car, brush bore hot game keyword
Or commonly use plug-in title etc..It is above-mentioned to plug-in behavior pattern and plug-in keyword it should be appreciated that in an embodiment of the present invention
Illustrate exemplary only, the present invention does not do and have to the behavior sequence type and the content of plug-in keyword in plug-in behavior pattern
Body is limited.
In an embodiment of the present invention, plug-in program database is storable in local client, may be alternatively stored in high in the clouds clothes
Business device, and can be updated according to predetermined period, wherein, predetermined period can be 1 day, and one week etc., the present invention was not limited this.
S102, if it is determined that application program is plug-in program, then monitors application program behavior in the process of running.
In one embodiment of the invention, application program behavior in the process of running is application program in running
In to the treatment of data or system operation, such as modification data.
S103, when application program behavior in the process of running triggers defence stand, obtain the behavior of triggering defence stand with
Relation between plug-in program.
In one embodiment of the invention, if the behavior of triggering defence stand is input method injection behavior, remote thread
One or more in injection behavior, long-distance inner read-write behavior and system core target releasing document behavior, the then triggering
The necessary behavior of its function is realized in the behavior of defence stand for plug-in program, it may be determined that the behavior of the triggering defence stand and plug-in program
Between relation be necessary sexual intercourse;If triggering the behavior of defence stand for shutdown behavior, load driver program behavior, addition are opened
One or more in dynamic item behavior and modification main browser page behavior, then the behavior of the triggering defence stand is that system can be made
Into the behavior of security threat, it may be determined that the relation between the behavior of the triggering defence stand and plug-in program is non-essential relation.
S104, the behavior of the relation pair triggering defence stand between the behavior and plug-in program according to triggering defence stand is controlled
System.
In one embodiment of the invention, if the relation between the behavior of triggering defence stand and plug-in program is necessity
Sexual intercourse, then intercept to the behavior for triggering defence stand;If triggering the relation between the behavior of defence stand and plug-in program
It is non-essential relation, then the behavior for triggering defence stand is let pass.
The control method of the application program of the embodiment of the present invention, can monitor when application program is judged for plug-in application program
Behavior in application program running, when there is behavior to trigger defence stand, according to the relation between the behavior and plug-in program
The behavior is controlled, for example, then the behavior is let pass if necessary sexual intercourse, if non-essential relation then
The behavior is intercepted.So as to, it is ensured that user normally using plug-in program while the malicious act in plug-in program is entered
Row is intercepted, it is ensured that the system safety of terminal.Additionally, can carry out giving tacit consent to interception or clearance to the behavior of plug-in program, it is to avoid outer
Extension program frequently triggers defence stand and harassing and wrecking is caused to user, lifts Consumer's Experience.
In order to statistical analysis to the control effect of application program, that is, it is capable of the behavior of statistical analysis interception plug-in program
Specific aim and validity, can record the interception operation of behavior to application program in the process of running, and upload onto the server into
Row analysis.Specifically, Fig. 2 is the flow chart of the control method of the application program according to another embodiment of the present invention, such as Fig. 2 institutes
Show, the control method of application program of the invention includes:
S201, runs application program, and inquire about plug-in program storehouse to judge whether application program is plug-in program.
S202, if it is determined that application program is plug-in program, then monitors application program behavior in the process of running.
S203, when application program behavior in the process of running triggers defence stand, obtain the behavior of triggering defence stand with
Relation between plug-in program.
In one embodiment of the invention, if the behavior of triggering defence stand is input method injection behavior, remote thread
One or more in injection behavior, long-distance inner read-write behavior and system core target releasing document behavior, the then triggering
The necessary behavior of its function is realized in the behavior of defence stand for plug-in program, it may be determined that the behavior of the triggering defence stand and plug-in program
Between relation be necessary sexual intercourse;If triggering the behavior of defence stand for shutdown behavior, load driver program behavior, addition are opened
One or more in dynamic item behavior and modification main browser page behavior, then the behavior of the triggering defence stand is that system can be made
Into the behavior of security threat, it may be determined that the relation between the behavior of the triggering defence stand and plug-in program is non-essential relation.
S204, the behavior of the relation pair triggering defence stand between the behavior and plug-in program according to triggering defence stand is controlled
System.
In one embodiment of the invention, if the relation between the behavior of triggering defence stand and plug-in program is necessity
Sexual intercourse, then intercept to the behavior for triggering defence stand;If triggering the relation between the behavior of defence stand and plug-in program
It is non-essential relation, then the behavior for triggering defence stand is let pass.
S205, the interception for recording the behavior to application program in the process of running is operated and uploaded onto the server.
In an embodiment of the present invention, after the record for intercepting operation is uploaded onto the server, server can be according to client
The interception operation note of upload carries out statistical analysis, and the control method of application program is optimized according to analysis result.
The control method of the application program of the embodiment of the present invention, can will record the behavior to application program in the process of running
Interception operation, and the record is uploaded onto the server, so as to be carried out to the behavior specific aim and validity that intercept plug-in program
Statistical analysis, further optimizes, to the control method of application program with according to analysis result so as to improve application program
The validity and specific aim of control.
In order to realize above-described embodiment, the present invention also proposes a kind of control device of application program.
Fig. 3 is the structural representation of the control device of the application program according to one embodiment of the invention.As shown in figure 3,
The control device of the application program includes:Program operation module 110, judge module 120, monitoring module 130, acquisition module 140
With control module 150.
Specifically, program operation module 110 is used to run application program.
Judge module 120 is used to inquire about plug-in program storehouse to judge whether application program is plug-in program.Of the invention
In one embodiment, judge module 120 may include query unit 121 and judging unit 122.More specifically, running mould in program
After the operation application program of block 110, judge module 120 hangs up the process in the process initiation where the application program, then
Inquired about by query unit 121 and whether there is the application program in plug-in program database, judging unit 122 is in query unit
121 in plug-in program data base when inquiring the application program, judges that the application program is plug-in program, judging unit 122
When query unit 121 does not inquire the application program in plug-in program data base, judge that the application program is not plug-in journey
Sequence.So as to program operation module 110 can according to the application program whether be after plug-in program is marked to the application program again
It is secondary to call the process to continue to run with the application program.
In an embodiment of the present invention, plug-in program database is to be identified from the program in cloud server or network
The database of the numerous plug-in programs composition for going out.Specifically, cloud server can be logical from the existing program sample of cloud server
Cross keyword search and search doubtful plug-in program, or webpage is scanned for by spiders or to known plug-in website
It is monitored to obtain doubtful plug-in program.Then, the operating environment information of these doubtful plug-in programs is obtained respectively, for example,
For plug-in program of playing, corresponding game environment and game operation are obtained, and then transport according to operating environment information simulation
Row these doubtful plug-in programs, and obtain the key in behavior sequence and running in running in pop-up window
Word, if behavior sequence is plug-in behavior pattern and/or keyword and plug-in keyword match, can be by the doubtful plug-in program
It is defined as plug-in program.Wherein, plug-in behavior pattern is to games data or the row modified to system data in itself
It is sequence, such as input method injection behavior, Remote thread injecting behavior, long-distance inner read-write behavior, the release of system core target is literary
One kind in part behavior, shutdown behavior, load driver program behavior, addition startup item behavior and modification main browser page behavior
Or various behaviors etc..Plug-in keyword is the distinctive keyword of plug-in program, and such as plug-in, auxiliary, brush car, brush bore hot game
Keyword commonly uses plug-in title etc..
In an embodiment of the present invention, plug-in program database is storable in local client, may be alternatively stored in high in the clouds clothes
Business device, and can be updated according to predetermined period, wherein, predetermined period can be 1 day, and one week etc., the present invention was not limited this.
Monitoring module 130 is used for when judge module judges application program for plug-in program, and monitoring application program is in operation
During behavior.In one embodiment of the invention, application program behavior in the process of running is application program in fortune
Treatment during row to data or system is operated, and such as changes data.
When the behavior that acquisition module 140 is used for when application program in the process of running triggers defence stand, triggering defence is obtained
Relation between the behavior of point and plug-in program.In one embodiment of the invention, if the behavior of triggering defence stand is defeated
Enter method to inject in behavior, Remote thread injecting behavior, long-distance inner read-write behavior and system core target releasing document behavior
One or more, then the necessary behavior of its function is realized in the behavior of the triggering defence stand for plug-in program, it may be determined that the triggering
Relation between the behavior of defence stand and plug-in program is necessary sexual intercourse;If trigger defence stand behavior for shutdown behavior,
One or more in load driver program behavior, addition startup item behavior and modification main browser page behavior, the then triggering
The behavior of defence stand is the behavior that security threat can be caused to system, it may be determined that the behavior of the triggering defence stand and plug-in program it
Between relation be non-essential relation.
Control module 150 is used for according to the relation pair triggering defence stand between the behavior of triggering defence stand and plug-in program
Behavior is controlled.In one embodiment of the invention, control module 150 may include interception unit 151 and clearance unit
152,.More specifically, the relation that interception unit 151 is used between the behavior of triggering defence stand and plug-in program is for necessity is closed
When being, the behavior to triggering defence stand is intercepted;Clearance unit 152 is between the behavior of triggering defence stand and plug-in program
When relation is non-essential relation, the behavior to triggering defence stand is let pass.
The control device of the application program of the embodiment of the present invention, can monitor when application program is judged for plug-in application program
Behavior in application program running, when there is behavior to trigger defence stand, according to the relation between the behavior and plug-in program
The behavior is controlled, for example, then the behavior is let pass if necessary sexual intercourse, if non-essential relation then
The behavior is intercepted.So as to, it is ensured that user normally using plug-in program while the malicious act in plug-in program is entered
Row is intercepted, it is ensured that the system safety of terminal.Additionally, can carry out giving tacit consent to interception or clearance to the behavior of plug-in program, it is to avoid outer
Extension program frequently triggers defence stand and harassing and wrecking is caused to user, lifts Consumer's Experience.
Fig. 4 is the structural representation of the control device of the application program according to another embodiment of the present invention.Such as Fig. 4 institutes
Show, the control device of application program according to embodiments of the present invention, including:Program operation module 110, judge module 120, monitoring
Module 130, acquisition module 140, control module 150 and logging modle 160.
Specifically, logging modle 160 be used to record behavior to application program in the process of running interception operation and
Reach server.In an embodiment of the present invention, after logging modle 160 uploads onto the server the record for intercepting operation, service
Device can carry out statistical analysis according to the interception operation note of client upload, and according to analysis result to the controlling party of application program
Method is optimized.
The control device of the application program of the embodiment of the present invention, can will record the behavior to application program in the process of running
Interception operation, and the record is uploaded onto the server, so as to be carried out to the behavior specific aim and validity that intercept plug-in program
Statistical analysis, further optimizes, to the control method of application program with according to analysis result so as to improve application program
The validity and specific aim of control.
In order to realize above-described embodiment, the present invention also proposes a kind of control system of application program.
Fig. 5 is the structural representation of the control system of the application program according to one embodiment of the invention.As shown in figure 5,
The control system of the application program includes:The application program controlling device 100 of the embodiment of third aspect present invention;And service
Device 300, wherein, server 300 includes plug-in program storehouse.
In an embodiment of the present invention, server 300 can be same with the server of fourth aspect present invention embodiment
Server, or different servers.
The control system of the application program of the embodiment of the present invention, can be judged by the plug-in program storehouse inquired about in server should
Whether it is plug-in program with program, and when judging that application program is plug-in application program in monitoring application program running
Behavior, when there is behavior to trigger defence stand, is controlled, example according to the relation pair behavior between the behavior and plug-in program
Such as, then the behavior is let pass if necessary sexual intercourse, then the behavior is intercepted if non-essential relation.From
And, it is ensured that user normally using plug-in program while the malicious act in plug-in program is intercepted, it is ensured that terminal is
System safety.Additionally, can carry out giving tacit consent to interception or clearance to the behavior of plug-in program, it is to avoid plug-in program frequently triggers defence stand
Harassing and wrecking are caused to user, Consumer's Experience is lifted.
Any process described otherwise above or method description in flow chart or herein is construed as, and expression includes
It is one or more for realizing specific logical function or process the step of the module of code of executable instruction, fragment or portion
Point, and the scope of the preferred embodiment of the present invention includes other realization, wherein can not press shown or discussion suitable
Sequence, including function involved by basis by it is basic simultaneously in the way of or in the opposite order, carry out perform function, this should be of the invention
Embodiment person of ordinary skill in the field understood.
Represent in flow charts or logic and/or step described otherwise above herein, for example, being considered use
In the order list of the executable instruction for realizing logic function, in may be embodied in any computer-readable medium, for
Instruction execution system, device or equipment(As computer based system, including the system of processor or other can be held from instruction
The system of row system, device or equipment instruction fetch and execute instruction)Use, or with reference to these instruction execution systems, device or set
It is standby and use.For the purpose of this specification, " computer-readable medium " can any can be included, store, communicate, propagate or pass
The dress that defeated program is used for instruction execution system, device or equipment or with reference to these instruction execution systems, device or equipment
Put.The more specifically example of computer-readable medium(Non-exhaustive list)Including following:With the electricity that one or more are connected up
Connecting portion(Electronic installation), portable computer diskette box(Magnetic device), random access memory(RAM), read-only storage
(ROM), erasable edit read-only storage(EPROM or flash memory), fiber device, and portable optic disk is read-only deposits
Reservoir(CDROM).In addition, computer-readable medium can even is that the paper that can thereon print described program or other are suitable
Medium, because optical scanner for example can be carried out by paper or other media, then enters edlin, interpretation or if necessary with it
His suitable method is processed electronically to obtain described program, is then stored in computer storage.
It should be appreciated that each several part of the invention can be realized with hardware, software, firmware or combinations thereof.Above-mentioned
In implementation method, the software that multiple steps or method can in memory and by suitable instruction execution system be performed with storage
Or firmware is realized.If for example, realized with hardware, and in another embodiment, can be with well known in the art
Any one of row technology or their combination are realized:With the logic gates for realizing logic function to data-signal
Discrete logic, the application specific integrated circuit with suitable combinational logic gate circuit, programmable gate array(PGA), scene
Programmable gate array(FPGA)Deng.
Those skilled in the art are appreciated that to realize all or part of step that above-described embodiment method is carried
The rapid hardware that can be by program to instruct correlation is completed, and described program can be stored in a kind of computer-readable storage medium
In matter, the program upon execution, including one or a combination set of the step of embodiment of the method.
Additionally, during each functional unit in each embodiment of the invention can be integrated in a processing module, it is also possible to
It is that unit is individually physically present, it is also possible to which two or more units are integrated in a module.Above-mentioned integrated mould
Block can both be realized in the form of hardware, it would however also be possible to employ the form of software function module is realized.The integrated module is such as
Fruit is to realize in the form of software function module and as independent production marketing or when using, it is also possible to which storage is in a computer
In read/write memory medium.
Storage medium mentioned above can be read-only storage, disk or CD etc..
In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ", " specifically show
The description of example " or " some examples " etc. means to combine specific features, structure, material or spy that the embodiment or example are described
Point is contained at least one embodiment of the invention or example.In this manual, to the schematic representation of above-mentioned term not
Necessarily refer to identical embodiment or example.And, the specific features of description, structure, material or feature can be any
One or more embodiments or example in combine in an appropriate manner.
Although an embodiment of the present invention has been shown and described, it will be understood by those skilled in the art that:Not
Can these embodiments be carried out with various changes, modification, replacement and modification in the case of departing from principle of the invention and objective, this
The scope of invention is by claim and its equivalent limits.
Claims (9)
1. a kind of control method of application program, it is characterised in that including:
Operation application program, and plug-in program storehouse is inquired about to judge whether the application program is plug-in program;
If it is determined that the application program is plug-in program, then application program behavior in the process of running is monitored;
When application program behavior in the process of running triggers defence stand, behavior and the institute of the triggering defence stand are obtained
State the relation between plug-in program;And
The defence stand is triggered described in the relation pair between behavior and the plug-in program according to the triggering defence stand
Behavior be controlled, wherein, the relation according between the behavior of the triggering defence stand and the plug-in program
The behavior for triggering the defence stand is controlled and is specifically included:If the behavior of the triggering defence stand with it is described
Relation between plug-in program is necessary sexual intercourse, then the behavior to the triggering defence stand is let pass;If described
The relation between the behavior of the defence stand and the plug-in program is triggered for non-essential relation, then it is described to the triggering anti-
The behavior of imperial point is intercepted.
2. the method for claim 1, it is characterised in that the inquiry plug-in program storehouse is to judge the application program
It is no for plug-in program is specifically included:
Inquire about and whether there is the application program in the plug-in program storehouse;
If there is the application program, then judge that the application program is plug-in program;
If there is no the application program, then judge that the application program is not plug-in program.
3. method as claimed in claim 1 or 2, it is characterised in that the acquisition trigger the behavior of the defence stand with it is described
Relation between plug-in program is specifically included:
If the behavior of the triggering defence stand is read for input method injection behavior, Remote thread injecting behavior, long-distance inner
Write one or more in behavior and system core target releasing document behavior, it is determined that the row of the triggering defence stand
It with the relation between the plug-in program is necessary sexual intercourse to be;
If the behavior of the triggering defence stand is shutdown behavior, load driver program behavior, addition startup item behavior with
And one or more in modification main browser page behavior, it is determined that the behavior of the triggering defence stand and the plug-in journey
Relation between sequence is non-essential relation.
4. method as claimed in claim 1 or 2, it is characterised in that also include:
The interception for recording the behavior to the application program in the process of running is operated and uploaded onto the server.
5. a kind of control device of application program, it is characterised in that including:
Program runs module, for running application program;
Judge module, for inquiring about plug-in program storehouse to judge whether the application program is plug-in program;
Monitoring module, for when the judge module judges the application program for plug-in program, monitoring the application program
Behavior in the process of running;
Acquisition module, when triggering defence stand for the behavior when the application program in the process of running, obtains triggering described anti-
Relation between the behavior of imperial point and the plug-in program;And
Control module, for being touched described in the relation pair between the behavior according to the triggering defence stand and the plug-in program
The behavior for sending out defence stand described is controlled, wherein, the control module is specifically included:Clearance unit, in the triggering
When relation between the behavior of the defence stand and the plug-in program is necessary sexual intercourse, to the triggering defence stand
Behavior is let pass;Interception unit, for the relation between the behavior of the triggering defence stand and the plug-in program
During for non-essential relation, the behavior to the triggering defence stand is intercepted.
6. device as claimed in claim 5, it is characterised in that the judge module is specifically included:
Query unit, the application program is whether there is for inquiring about in the plug-in program storehouse;
Judging unit, for when the query unit inquires the application program in the plug-in program storehouse, judging institute
Application program is stated for plug-in program, and the application program is not inquired in the plug-in program storehouse in the query unit
When, judge that the application program is not plug-in program.
7. the device as described in claim 5 or 6, it is characterised in that the acquisition module specifically for:
It is input method injection behavior, Remote thread injecting behavior, long-distance inner read-write in the behavior of the triggering defence stand
During one or more in behavior and system core target releasing document behavior, the behavior of the triggering defence stand is determined
It is necessary sexual intercourse with the relation between the plug-in program;
The behavior of the triggering defence stand be shutdown behavior, load driver program behavior, addition startup item behavior and
When changing one or more in main browser page behavior, the behavior of the triggering defence stand and the plug-in program are determined
Between relation be non-essential relation.
8. the device as described in claim 5 or 6, it is characterised in that also include:
Logging modle, the interception for recording the behavior to the application program in the process of running is operated and is uploaded to service
Device.
9. a kind of control system of application program, it is characterised in that including:
The control device of the application program as described in claim 5-8;And
Server, wherein, the server includes plug-in program storehouse.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410067493.0A CN103824015B (en) | 2014-02-26 | 2014-02-26 | Application program control method, device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410067493.0A CN103824015B (en) | 2014-02-26 | 2014-02-26 | Application program control method, device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103824015A CN103824015A (en) | 2014-05-28 |
CN103824015B true CN103824015B (en) | 2017-05-24 |
Family
ID=50759071
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410067493.0A Active CN103824015B (en) | 2014-02-26 | 2014-02-26 | Application program control method, device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103824015B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105607934A (en) * | 2015-12-24 | 2016-05-25 | 北京奇虎科技有限公司 | Application processing method and terminal |
CN106775986B (en) * | 2016-12-26 | 2020-09-01 | 努比亚技术有限公司 | Process management method and electronic equipment |
CN110928595B (en) * | 2018-08-31 | 2024-02-02 | 北京搜狗科技发展有限公司 | Authority operation method and device |
CN113407804B (en) * | 2021-07-14 | 2023-06-16 | 杭州雾联科技有限公司 | Crawler-based externally hung accurate marking and identifying method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102902924A (en) * | 2012-09-29 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for detecting behavior feature of file |
CN102945344A (en) * | 2012-10-17 | 2013-02-27 | 北京奇虎科技有限公司 | Background switching service processing method and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8677508B2 (en) * | 2010-01-13 | 2014-03-18 | Nec Corporation | Confidential information leakage prevention system, confidential information leakage prevention method and confidential information leakage prevention program |
-
2014
- 2014-02-26 CN CN201410067493.0A patent/CN103824015B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102902924A (en) * | 2012-09-29 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for detecting behavior feature of file |
CN102945344A (en) * | 2012-10-17 | 2013-02-27 | 北京奇虎科技有限公司 | Background switching service processing method and system |
Also Published As
Publication number | Publication date |
---|---|
CN103824015A (en) | 2014-05-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10079854B1 (en) | Client-side protective script to mitigate server loading | |
US10270779B2 (en) | Method and apparatus for determining phishing website | |
US9160766B2 (en) | Systems and methods for protecting organizations against spear phishing attacks | |
US9860270B2 (en) | System and method for determining web pages modified with malicious code | |
CN103617395B (en) | Method, device and system for intercepting advertisement programs based on cloud security | |
CN104091125B (en) | Handle the method and suspended window processing unit of suspended window | |
US9336389B1 (en) | Rapid malware inspection of mobile applications | |
WO2014105919A1 (en) | Identifying web pages in malware distribution networks | |
US9147067B2 (en) | Security method and apparatus | |
CN102932356B (en) | Malice network address hold-up interception method and device in multi-core browser | |
CN104486140A (en) | Device and method for detecting hijacking of web page | |
CN103824015B (en) | Application program control method, device and system | |
CN104021017B (en) | The treating method and apparatus of startup item | |
CN103473501B (en) | A kind of Malware method for tracing based on cloud security | |
CN103607385A (en) | Method and apparatus for security detection based on browser | |
US9973525B1 (en) | Systems and methods for determining the risk of information leaks from cloud-based services | |
CN109033828A (en) | A kind of Trojan detecting method based on calculator memory analytical technology | |
CN102930211A (en) | Method for intercepting malicious URLs in multi-kernel browser and multi-kernel browser | |
CN104021467A (en) | Method and device for protecting payment security of mobile terminal and mobile terminal | |
US20200336498A1 (en) | Method and apparatus for detecting hidden link in website | |
US20180205705A1 (en) | Network request proxy system and method | |
CN106030527B (en) | By the system and method for application notification user available for download | |
US11792178B2 (en) | Techniques for mitigating leakage of user credentials | |
EP3745292A1 (en) | Hidden link detection method and apparatus for website | |
CN103428212A (en) | Malicious code detection and defense method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20181211 Address after: 519030 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Patentee after: Zhuhai Seal Interest Technology Co., Ltd. Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong. Patentee before: Zhuhai Juntian Electronic Technology Co.,Ltd. |