CN104091071A - Risk determining method and device for application programs - Google Patents

Publication number: CN104091071A
Authority: CN (China)
Application number: CN201410326061.7A
Other languages: Chinese (zh)
Other versions: CN104091071B (en)
Inventors: 祝恒书, 于魁飞
Current Assignee: Beijing Zhigu Ruituo Technology Services Co Ltd
Original Assignee: Beijing Zhigu Ruituo Technology Services Co Ltd
Legal status: Granted, active
Priority: CN201410326061.7A; published as CN104091071A; granted as CN104091071B
Prior art keywords: application, security risk, application program, weight, constraint
Landscapes: Stored Programmes (AREA)

Abstract

The embodiment of the invention discloses a risk determining method and device for application programs. The method includes: determining at least one application relationship between at least one application program and multiple permissions; determining the weight of each application relationship; determining the application security risk value of each application program according to the weights of the corresponding application relationships; and grading the application programs by security level according to their application security risk values. In this technical scheme, the application security risk values are determined from a bipartite graph model and the application programs are additionally graded by security level, so that a user can select an application program with a suitable security level according to the user's own security and privacy needs.

Description

Application risk determination method and determination device
Technical Field
The present application relates to a data processing method, and in particular, to a technical solution for determining a risk of an application.
Background
With the rapid development of mobile devices and the mobile internet in recent years, the number of mobile applications has increased explosively. At the same time, the functionality of mobile applications has greatly expanded to meet users' diverse needs, for example Location Based Services (LBS), social platform based services (SNS), and so on. These rich functions depend on various user data and usage permissions of the device, such as location access, address book access, short message access, etc. The use of these access permissions raises privacy and security concerns for users, and more and more users want to know how secure an application's access permissions are.
Disclosure of Invention
The purpose of this application is to provide a solution for determining the risk level of an application.
In a first aspect, an embodiment of the present application provides a method for determining a risk of an application, including:
determining at least one application relationship between at least one application program and a plurality of authorities; wherein each application relationship in the at least one application relationship corresponds to an application program in the at least one application program applying for a right in the plurality of rights;
determining a weight value of each application relation in the at least one application relation;
determining an application security risk value of each application program in the at least one application program according to the weight corresponding to each application relation;
and performing security level division on the at least one application program according to the application security risk value of each application program.
In a second aspect, an embodiment of the present application provides a risk determination device for an application, including:
the application relation determining module is used for determining at least one application relation between at least one application program and a plurality of authorities; wherein each application relationship in the at least one application relationship corresponds to an application program in the at least one application program applying for a right in the plurality of rights;
a weight determination module, configured to determine a weight of each application relationship in the at least one application relationship;
a risk value determining module, configured to determine an application security risk value of each application program in the at least one application program according to the weight corresponding to each application relationship;
and the grading module is used for carrying out security grading on the at least one application program according to the application security risk value of each application program.
At least one implementation scheme of the embodiment of the application establishes a bipartite graph model of the application and the authority by determining an application relation between the application and the authority and a weight of the application relation, and determines an application security risk value of the application according to the bipartite graph model; in addition, in order to avoid that the user can not clearly perceive the security risk of the application program according to the application security risk value, the embodiment of the application also performs security level division on the application program, so that the user can conveniently select the application program with a proper security level according to the security privacy requirement of the user.
Drawings
Fig. 1 is a flowchart of a risk determination method for an application according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a bipartite graph of an application and a permission in a risk determination method for the application according to an embodiment of the present application;
Fig. 3 is a schematic block diagram of a structure of a risk determination device of an application according to an embodiment of the present application;
Fig. 4 is a block diagram illustrating a risk determination device of another application according to an embodiment of the present disclosure;
Fig. 5 is a block diagram schematically illustrating a structure of a weight determination unit of a risk determination device of an application according to an embodiment of the present application;
Fig. 6a and Fig. 6b are schematic block diagrams of the structure of a ranking module of a risk determination device for two types of application programs according to an embodiment of the present application, respectively;
Fig. 7 is a block diagram schematically illustrating a structure of an electronic device according to an embodiment of the present application;
Fig. 8 is a block diagram schematically illustrating a structure of a risk determination device for another application according to an embodiment of the present application.
Detailed Description
The following detailed description of the present application will be made in conjunction with the accompanying drawings (like numerals represent like elements throughout the several figures) and examples. The following examples are intended to illustrate the present application but are not intended to limit the scope of the present application.
It will be understood by those within the art that the terms "first", "second", etc. in this application are used only to distinguish one step, device or module from another, and do not denote any particular technical meaning or necessarily logical order therebetween.
For an application applied to a user device, it may apply for at least one data usage right of the user device, for example, a desktop application applies for a usage right of photo data stored in the user device. The inventor of the application finds that when the security risk of the application program is evaluated, the evaluation accuracy can be improved by considering the potential relation between the application program and the authority.
As shown in fig. 1, an embodiment of the present application provides a method for determining a risk of an application program, including:
S110, determining at least one application relation between at least one application program and a plurality of authorities; wherein each application relationship in the at least one application relationship corresponds to an application program in the at least one application program applying for a right in the plurality of rights;
S120, determining a weight value of each application relation in the at least one application relation;
S130, determining an application security risk value of each application program in the at least one application program according to the weight value corresponding to each application relation;
S140, performing security level division on the at least one application program according to the application security risk value of each application program.
The at least one application program in this embodiment of the present application may be one application program or multiple application programs, and the following embodiments in this embodiment of the present application describe the at least one application program as multiple application programs. The plurality of application programs and the plurality of authorities have a plurality of application relationships.
As shown in Fig. 2, in the embodiment of the present application, the inventor proposes a bipartite-graph-based model to determine the relationship between applications and permissions, taking into account the characteristics of both. The multiple applications form the first group of nodes in the bipartite graph and the multiple permissions form the second group of nodes; the connections between the two groups are determined by the application relationships between applications and permissions. That is, an application and a permission have an application relationship, and an edge is established between them, if and only if the application applies for that permission.
For example, the risk determination device for an application provided by the present invention is used as the execution subject of the present embodiment and executes steps S110 to S140. In particular, the determining means may be provided in the user equipment or the server device in software, hardware or a combination of software and hardware.
The implementation scheme of the embodiment of the application establishes a bipartite graph model of the application and the authority by determining the application relation between the application and the authority and the weight of the application relation, and determines the application security risk value of the application according to the bipartite graph model; in addition, in order to avoid that the user can not clearly perceive the security risk of the application program according to the application security risk value, the embodiment of the application also performs security level division on the application program, so that the user can conveniently select the application program with a proper security level according to the security privacy requirement of the user.
The steps of the method of the embodiment of the present application are further described below with reference to the bipartite graph shown in fig. 2:
In the embodiment of the present application, the bipartite graph shown in Fig. 2 represents the relationships between the multiple applications and the multiple permissions. The bipartite graph $G$ may be represented as $G = \{V, E, W\}$, where:
$V$ is the node set, with $V = \{V^a, V^p\}$;
$V^a$ is the application set comprising the plurality of applications $a_1$ to $a_M$, i.e. $V^a = \{a_1, \cdots, a_M\}$; $M$ is the number of applications and is a positive integer;
$V^p$ is the permission set comprising the plurality of permissions $p_1$ to $p_N$, i.e. $V^p = \{p_1, \cdots, p_N\}$; $N$ is the number of permissions and is a positive integer;
$E$ is the set of application relationships, where an application relationship $e_{ij} \in E$ exists if and only if an application $a_i$ of the plurality of applications applies for a permission $p_j$ of the plurality of permissions;
$W$ is the weight set, where a weight $w_{ij} \in W$ represents the weight of the application relationship $e_{ij}$.
In the embodiment shown in Fig. 2, the bipartite graph includes 4 applications $a_1$ to $a_4$ and 3 permissions $p_1$ to $p_3$. (In this embodiment the applications $a_1$ to $a_4$ are, respectively: Angry Birds (games), cut fruit (games), faceplates (socializing), and mascaras (games); permission $p_1$ is reading the state of the mobile phone, permission $p_2$ is accessing the precise position, and permission $p_3$ is reading the contacts.) The application relationship set contains 8 application relationships (represented in Fig. 2 by the connecting lines between the applications and the permissions): $e_{11}$, $e_{12}$, $e_{21}$, $e_{22}$, $e_{32}$, $e_{33}$, $e_{42}$ and $e_{43}$, whose weights are 0.3, 0.7, 0.2, 0.8, 0.5, 0.5, 0.4 and 0.6, respectively.
In the embodiment of the present application, the weight $w_{ij}$ represents the correlation between the application $a_i$ and the permission $p_j$. In a possible implementation, the weight $w_{ij}$ represents the probability that the application $a_i$ applies for the permission $p_j$. Here, the probability that application $a_i$ applies for permission $p_j$ means the likelihood that it applies for $p_j$, assessed before it is determined which permissions $a_i$ actually applies for. For example, for the application relationship $e_{11}$ in Fig. 2, the weight 0.3 denotes that the probability of application $a_1$ applying for permission $p_1$ is 0.3.
Of course, in other possible embodiments, the weight value may also be determined according to other criteria to indicate the degree of correlation between the application program and the right, and in particular, in one possible embodiment, the weight value may be determined according to a setting instruction of a user.
As described above, in a possible implementation manner of the embodiment of the present application, when determining the weight, the step S120 may determine the weight of each application relationship according to a probability that the application program corresponding to each application relationship applies for the authority.
In the embodiment of the present application, the probability may be obtained according to historical data. Optionally, in a possible implementation manner, the corresponding weight may be determined according to authority application history data of all application programs in an application category to which the application program belongs, where the application program corresponds to each application relationship. In the present embodiment, the application classification may be a classification according to a functional division of the application program, such as a game, an office, a map, or the like; but also a classification according to the developer of the application, or also a cluster classification according to the similarity of other aspects of the application, etc. Of course, one skilled in the art will recognize that the application classification may be a classification based on other classification criteria.
Optionally, in a possible implementation manner of the embodiment of the present application, the weight may be obtained as the ratio of the frequency with which all applications in the application classification to which the application belongs apply for the permission, to the sum of the frequencies with which those applications apply for each of the plurality of permissions. This can be expressed by the following formula:

$$w_{ij} = \frac{f_{ij}}{\sum_{p_j \in V^p} f_{ij}},$$

where $f_{ij}$ represents the frequency with which the applications in the application classification to which application $a_i$ belongs apply for permission $p_j$.
In a possible implementation manner of the embodiment of the present application, in order to obtain the normalized frequency, the frequency corresponding to the authority may be obtained by using a ratio of the number of the application programs applying for an authority in the application classification to all the application programs in the application classification. Of course, in other possible implementations of the embodiments of the present application, the frequency may also be determined in other ways.
In other possible implementation manners of the embodiment of the present application, in addition to determining the weight of each application relationship according to the application frequency of the permission, the weight may also be determined according to other parameters, such as external prior knowledge, for example a correlation value between the application and the permission derived from the opinions of experts in the field or computed by other methods.
In a possible implementation manner of this embodiment of the present application, optionally, in step S130, the obtained application security risk value of the application program may be made more accurate through at least one constraint.
In one possible embodiment, the at least one constraint includes a first constraint that includes:
the higher the weight value corresponding to one application relation in the application relations is, the closer the application security risk value of the application program corresponding to the application relation is to the permission security risk value of the permission corresponding to the application relation.
In the embodiment of the application, the application security risk value represents the security risk of the corresponding application program, and the permission security risk value represents the security risk of the corresponding permission.
As will be appreciated by those skilled in the art, the first constraint takes into account the dominant relationship between the application and the permissions. The higher the weight between an application and a permission, the stronger the correlation between them, and when the risk of one is high, the other is bound to be high, and vice versa. Taking the embodiment shown in Fig. 2 as an example, for permission $p_2$ the weights of the 4 corresponding application relationships $e_{12}$, $e_{22}$, $e_{32}$ and $e_{42}$ are 0.7, 0.8, 0.5 and 0.4, respectively, so by the first constraint the permission security risk value of $p_2$ should be closest to the application security risk value of application $a_2$.
Optionally, in a possible implementation, the at least one constraint further includes a second constraint, where the second constraint includes:
the more similar the authority application conditions of two applications in the plurality of applications are, the more similar the application security risk values of the two applications are.
In this embodiment, the permission application status of an application includes the permissions the application applies for and the weights of the corresponding application relationships. The more similar the permissions applied for by two applications, and the more similar the weights with which they apply for the same permission, the more similar the application security risk values of the two applications should be. As shown in Fig. 2, application $a_1$ and application $a_2$ both apply for permission $p_1$ and permission $p_2$, so compared with application $a_3$ or application $a_4$, the application security risk values of these two applications should be closer. In addition, the two applications not only apply for the same permissions, but the weights with which they apply for permission $p_1$ and permission $p_2$ are also similar, so the application security risk values of application $a_1$ and application $a_2$ should be more similar. Likewise, those of application $a_3$ and application $a_4$ should also be more similar. Of course, the values of application $a_1$ or $a_2$ and of application $a_3$ or $a_4$ should be relatively dissimilar.
Optionally, in a possible implementation manner, an application may be represented as a vector of the weights of all application relationships corresponding to it. For example, application $a_i$ is represented as a vector $\vec{a}_i$ containing $N$ elements that correspond in order to the $N$ permissions: when the application applies for a permission, the corresponding element is the corresponding weight; when application $a_i$ does not apply for a permission, the element is replaced by 0 (the weight with which $a_i$ applies for that permission can be regarded as 0). Application $a_j$ is likewise represented as $\vec{a}_j$. For example, in the embodiment shown in Fig. 2, the vector corresponding to application $a_1$ is $\vec{a}_1 = (0.3, 0.7, 0)$, where the 0 denotes that application $a_1$ does not apply for permission $p_3$. The similarity of two applications can be determined by the cosine distance of the vectors corresponding to the two applications:

$$s_{ij}^{a} = \mathrm{Cos}(\vec{a}_i, \vec{a}_j) = \frac{\vec{a}_i \cdot \vec{a}_j}{\|\vec{a}_i\| \cdot \|\vec{a}_j\|}$$

Of course, those skilled in the art will recognize that other methods for representing the similarity between two vectors may be used in the embodiments of the present application to determine the similarity between two applications, for example the Euclidean distance or the KL distance (Kullback-Leibler divergence) between the two vectors.
Optionally, in a possible implementation, the at least one constraint further includes a third constraint, where the third constraint includes:
for two authorities in the plurality of authorities, the more similar the applied conditions of the two authorities are, the more similar the authority security risk values of the two authorities are.
In the embodiment of the present application, the applied-for status of a permission includes the applications that apply for the permission and the weights of the corresponding application relationships. The more the applications applying for two permissions overlap, and the more similar the application relationship weights of the two permissions for the same applications, the more similar the permission security risk values of the two permissions should be. Still taking the embodiment shown in Fig. 2 as an example, permission $p_1$ and permission $p_2$ are both applied for by application $a_1$ and application $a_2$, and the weights with which $a_1$ and $a_2$ apply for each of them are similar; permission $p_2$ and permission $p_3$ are both applied for by application $a_3$ and application $a_4$; and permission $p_1$ and permission $p_3$ are not applied for by any common application. It can therefore be seen that, of permission $p_2$ and permission $p_3$, the permission security risk value of $p_1$ is closer to that of $p_2$. Those skilled in the art will appreciate that if permission $p_3$ were applied for only by application $a_1$ and application $a_2$, the permission security risk values of permission $p_1$ and permission $p_3$ would be closer.
Optionally, in a possible implementation manner, a permission may be represented as a vector of the weights of all application relationships corresponding to it. For example, permission $p_i$ is represented as a vector $\vec{p}_i$ containing $M$ elements that correspond in order to the $M$ applications: when an application applies for the permission $p_i$, the corresponding element is the corresponding weight; when an application does not apply for the permission $p_i$, the element is replaced by 0 (the weight with which that application applies for the permission is considered to be 0). Permission $p_j$ is likewise represented as $\vec{p}_j$. For example, in the embodiment shown in Fig. 2, the vector corresponding to permission $p_1$ is $\vec{p}_1 = (0.3, 0.2, 0, 0)$, where the two 0s denote that applications $a_3$ and $a_4$, respectively, do not apply for permission $p_1$. The similarity of two permissions can be determined by the cosine distance of the vectors corresponding to the two permissions:

$$s_{ij}^{p} = \mathrm{Cos}(\vec{p}_i, \vec{p}_j) = \frac{\vec{p}_i \cdot \vec{p}_j}{\|\vec{p}_i\| \cdot \|\vec{p}_j\|}$$

Similarly, those skilled in the art will recognize that other methods for representing the similarity between two vectors may be used in the embodiments of the present application to determine the similarity between two permissions, such as the Euclidean distance described above.
In order to make the obtained application security risk value more accurate, external a priori knowledge may also be introduced into the calculation of the application security risk value, and therefore, optionally, in one possible embodiment, the at least one constraint further includes a fourth constraint, and the fourth constraint includes:
the application security risk values of the plurality of application programs are respectively consistent with the prior application security risk values of the plurality of application programs;
and the permission security risk values of the plurality of permissions are respectively consistent with the prior permission security risk values of the plurality of permissions.
In this embodiment of the present application, the fact that the application security risk values of the plurality of application programs and the permission security risk values of the plurality of permissions are respectively consistent with the prior application security risk value and the prior permission security risk value means that the application and the permission security risk values should satisfy prior knowledge, for example: the a priori app security risk value of a first application is greater than the a priori app security risk value of a second application, and the app security risk value of the first application should also be generally greater than the app security risk value of the second application. In the embodiment of the present application, the fourth constraint is introduced, so that the obtained application security risk value can be converged to a suitable range as soon as possible. In one possible embodiment, for an application, there may be multiple application security risk values that satisfy the above first, second, and third constraints, and then the fourth constraint may help determine which of the multiple application security risk values corresponding to the application is the more appropriate application security risk value for the application.
In this embodiment of the present application, the prior application security risk value and the prior permission security risk value may be obtained in various manners, for example, in some possible embodiments, a corresponding security risk value set by a domain expert may be used, a security classification may be constructed according to an external risk report to obtain a corresponding security risk value, or a corresponding security risk value may be obtained by using a most advanced security mode in a related field. In particular, in one possible implementation, the a priori application security risk value and the a priori permission security risk value may be obtained through user presetting.
In a possible implementation manner of the embodiment of the present application, in order to enable the obtaining efficiency of the corresponding application and permission security risk values to be higher, a priori application security risk value and a priori permission security risk value may be obtained by using Naive Bayes with information Priority (PNB).
In a possible implementation manner of the embodiment of the present application, the application security risk value of each application program in the plurality of application programs may be determined according to the weight corresponding to each application relationship and the first to fourth constraints.
For example, in one possible implementation, a cost function is defined that combines the above four constraints, expressed for example as:
$$
\begin{aligned}
Q(a,p) ={}& \frac{\lambda}{2}\cdot\Big\{\sum_{i}\big\|R_i^a-\tilde{R}_i^a\big\|^2+\sum_{j}\big\|R_j^p-\tilde{R}_j^p\big\|^2\Big\}\\
&+\frac{\mu}{2}\cdot\Big\{\sum_{i,j}s_{ij}^a\big\|R_i^a-R_j^a\big\|^2+\sum_{i,j}s_{ij}^p\big\|R_i^p-R_j^p\big\|^2\Big\}\\
&+\frac{1}{2}\sum_{i,j}w_{ij}\big\|R_i^a-R_j^p\big\|^2
\end{aligned}
$$
wherein $R_i^a$ represents the application security risk value of application $a_i$, $\tilde{R}_i^a$ represents the a priori application security risk value of application $a_i$, $R_j^p$ represents the permission security risk value of permission $p_j$, and $\tilde{R}_j^p$ represents the a priori permission security risk value of permission $p_j$. The first part above (the part in the first braces) represents the fourth constraint mentioned above, the second part (the part in the second braces) represents the second and third constraints, and the third part represents the first constraint. The parameters λ and μ are, respectively, the parameter of the fourth constraint and the parameter of the second and third constraints; they control the first and second parts described above and can be set by the user as desired. It can be seen that when λ and μ are zero, the cost function of the embodiments of the present application is not constrained by the second, third and fourth constraints and only needs to consider the first constraint.
It can be seen that, in order to satisfy the constraints described above, suitable $R_i^a$ and $R_j^p$ must be obtained so that the cost function is as small as possible. Thus, in one possible embodiment, $R_i^a$ and $R_j^p$ may first be assigned an initial value, for example a value between 0 and 1, in one possible embodiment, for example: and the two values are then continuously and iteratively updated by a gradient descent method until the cost function is smaller than a set threshold value.
Of course, those skilled in the art will appreciate that the above cost function is only one possible way for the embodiment of the present application to find the application security risk value, and the application security risk value of the embodiment of the present application may also be obtained by other methods.
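The cost function and the gradient-descent update described above, written out in Python as an added example (not code from the patent). The weights, a priori values, step size, iteration cap and the initial value 0.5 are constructed assumptions, and the similarities $s_{ij}^a$ and $s_{ij}^p$ are computed as cosine similarities of the weight vectors, one of the options the description gives for the second and third constraints.

```python
import math

# Constructed sample: rows are applications a_0..a_2, columns are permissions p_0..p_2.
# W[i][j] is the weight w_ij of the application relationship (0.0 = not applied for).
SAMPLE_W = [[0.7, 0.3, 0.0],
            [0.6, 0.4, 0.0],
            [0.0, 0.2, 0.8]]
SAMPLE_PRIOR_A = [0.2, 0.2, 0.9]   # constructed a priori application risk values
SAMPLE_PRIOR_P = [0.1, 0.3, 0.9]   # constructed a priori permission risk values


def cosine(u, v):
    """Cosine similarity of two weight vectors; 0.0 when either is all zeros."""
    dot = sum(x * y for x, y in zip(u, v))
    norm = math.sqrt(sum(x * x for x in u)) * math.sqrt(sum(y * y for y in v))
    return dot / norm if norm else 0.0


def similarities(W):
    """Return (s_a, s_p): app-app similarity over rows, permission-permission over columns."""
    cols = [list(c) for c in zip(*W)]
    s_a = [[cosine(r, q) for q in W] for r in W]
    s_p = [[cosine(c, d) for d in cols] for c in cols]
    return s_a, s_p


def cost(Ra, Rp, W, s_a, s_p, prior_a, prior_p, lam, mu):
    """Q(a, p): prior part (4th constraint), similarity part (2nd/3rd), edge part (1st)."""
    n, m = len(Ra), len(Rp)
    prior = (sum((Ra[i] - prior_a[i]) ** 2 for i in range(n))
             + sum((Rp[j] - prior_p[j]) ** 2 for j in range(m)))
    smooth = (sum(s_a[i][k] * (Ra[i] - Ra[k]) ** 2 for i in range(n) for k in range(n))
              + sum(s_p[j][k] * (Rp[j] - Rp[k]) ** 2 for j in range(m) for k in range(m)))
    edge = sum(W[i][j] * (Ra[i] - Rp[j]) ** 2 for i in range(n) for j in range(m))
    return lam / 2 * prior + mu / 2 * smooth + edge / 2


def gradient(Ra, Rp, W, s_a, s_p, prior_a, prior_p, lam, mu):
    """Partial derivatives of Q with respect to every R_i^a and every R_j^p."""
    n, m = len(Ra), len(Rp)
    ga = [lam * (Ra[i] - prior_a[i])
          + mu * sum((s_a[i][k] + s_a[k][i]) * (Ra[i] - Ra[k]) for k in range(n))
          + sum(W[i][j] * (Ra[i] - Rp[j]) for j in range(m))
          for i in range(n)]
    gp = [lam * (Rp[j] - prior_p[j])
          + mu * sum((s_p[j][k] + s_p[k][j]) * (Rp[j] - Rp[k]) for k in range(m))
          + sum(W[i][j] * (Rp[j] - Ra[i]) for i in range(n))
          for j in range(m)]
    return ga, gp


def solve(W, prior_a, prior_p, lam=1.0, mu=0.5, step=0.05,
          threshold=1e-3, max_iter=2000, init=0.5):
    """Gradient descent from a constant initial value in [0, 1].

    Stops when Q drops below `threshold`, as described above; `max_iter` is a
    safeguard added here because the minimum of Q can lie above the threshold.
    Returns (application risk values, permission risk values, final cost).
    """
    Ra, Rp = [init] * len(W), [init] * len(W[0])
    s_a, s_p = similarities(W)
    args = (W, s_a, s_p, prior_a, prior_p, lam, mu)
    for _ in range(max_iter):
        if cost(Ra, Rp, *args) < threshold:
            break
        ga, gp = gradient(Ra, Rp, *args)
        Ra = [r - step * g for r, g in zip(Ra, ga)]
        Rp = [r - step * g for r, g in zip(Rp, gp)]
    return Ra, Rp, cost(Ra, Rp, *args)


if __name__ == "__main__":
    Ra, Rp, q = solve(SAMPLE_W, SAMPLE_PRIOR_A, SAMPLE_PRIOR_P)
    print("application risk:", [round(r, 3) for r in Ra])
    print("permission risk: ", [round(r, 3) for r in Rp])
    print("final cost:", round(q, 4))
```

With λ = μ = 0 and a constant initial value, the cost is already zero before the first update, so the a priori term is what keeps the solution from collapsing to an arbitrary constant.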
Optionally, in a possible implementation manner of the embodiment of the present application, the step S130 may be:
for each application of the plurality of applications:
comparing at least one preset second threshold value with the application security risk value of the application program to determine the security level of the application program.
For example, in one possible implementation, the at least one second threshold may include, for example, a low second threshold and a high second threshold, wherein the low second threshold is less than the high second threshold; when the application security risk value of an application is less than the low second threshold, it may be determined that the security level of the application is low; when the application security risk value of an application program is greater than or equal to the low second threshold and is smaller than the high second threshold, the security level of the application program can be determined to be medium; when the application security risk value of an application is greater than or equal to the high second threshold, the security level of the application may be determined to be high.
It is defined in the embodiments of the present application that the higher the security level of the application program is, the smaller the security risk of the application program is, and vice versa.
In the above embodiment, the security level of the application program is divided into three levels, i.e., high, medium and low, but it will be understood by those skilled in the art that the security level of the application program may be other numbers, such as two levels, five levels, etc., as needed.
Optionally, in another possible implementation manner of the embodiment of the present application, in order to make the application program level division smoother, the step S130 may further include:
performing security level division on the plurality of application programs according to the dispersion of the application security risk values of the plurality of application programs.
In one possible embodiment, the number of security levels, and the level to which each application belongs, can be determined by the coefficient of variation. Namely, the plurality of application programs are divided into at least one security level according to the coefficient of variation of the application security risk values of the plurality of application programs, wherein the coefficient of variation of the application security risk values of the at least one application program belonging to the same security level is within a preset first threshold range.
Here, the coefficient of variation of the application security risk values of the at least one application is the ratio of the variance to the mean of the application security risk values of the at least one application.
For example, the security ranking may be performed according to application security risk values of a plurality of applications by:
sorting the plurality of application programs in a descending order according to the application security risk values;
starting from the first-ranked application $a_1$, calculating the coefficient of variation and judging whether it is greater than a coefficient-of-variation threshold. If not, the second application $a_2$ is added and the coefficient of variation of the application security risk values of the first application $a_1$ and the second application $a_2$ is calculated; if it is not greater than the coefficient-of-variation threshold, subsequent applications continue to be added in sequence until the obtained coefficient of variation is greater than the threshold. It is then judged whether the application security risk value of the current application is equal to the application security risk value of the previous application: if so, subsequent applications continue to be added and judged; if not, all applications from the first application $a_1$ to the current application $a_n$ are classified into a first security level. The calculation and judgment then restart from the next application $a_{n+1}$, until an application $a_{n+m}$ is added such that the coefficient of variation of the application security risk values from the application $a_{n+1}$ to the application $a_{n+m}$ is greater than the coefficient-of-variation threshold and the application security risk value of the current application is not equal to that of the previous application; at this time, all applications from the application $a_{n+1}$ to the application $a_{n+m}$ are classified into a second security level, and so on, until all applications are divided.
It can be seen that, compared with the above method of setting at least one second threshold to perform level determination on the plurality of applications, in the embodiment of the present application, the number of levels of the applications does not need to be determined in advance, but the number of levels of the security levels may be determined according to the degree of dispersion of the application security risk values of the plurality of applications, so that the part with a larger change in the application security risk value is divided into more detailed parts.
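The level division by coefficient of variation, as an added Python example that is not part of the patent text. It follows the steps as worded (the application whose addition pushes the coefficient over the threshold is the last member of the level it closes) and uses the variance-to-mean ratio defined above; the use of the population variance, the application names, the risk values and the threshold are constructed assumptions.

```python
# Constructed sample: application name -> application security risk value.
SAMPLE_RISK = {
    "app_a": 0.95, "app_b": 0.93, "app_c": 0.90, "app_d": 0.60,
    "app_e": 0.58, "app_f": 0.55, "app_g": 0.20, "app_h": 0.18,
}


def coefficient_of_variation(values):
    """Variance divided by mean, the ratio the description calls the coefficient
    of variation. Population variance is an assumption; a zero mean yields 0.0."""
    mean = sum(values) / len(values)
    if mean == 0:
        return 0.0
    variance = sum((v - mean) ** 2 for v in values) / len(values)
    return variance / mean


def divide_levels(risk, cv_threshold):
    """Return the security levels as a list of lists of (app, risk value) pairs,
    first level first, built from the applications sorted by descending risk."""
    if cv_threshold < 0:
        raise ValueError("cv_threshold must be non-negative")
    ordered = sorted(risk.items(), key=lambda item: item[1], reverse=True)
    levels, current = [], []
    for app, value in ordered:
        current.append((app, value))
        over = coefficient_of_variation([v for _, v in current]) > cv_threshold
        # Tie rule from the steps above: if the newest value equals the one
        # before it, keep adding even though the threshold is exceeded.
        tie = len(current) > 1 and value == current[-2][1]
        if over and not tie:
            levels.append(current)   # a_1 .. a_n form one level
            current = []             # restart from a_{n+1}
    if current:                      # applications left when the list runs out
        levels.append(current)
    return levels


def level_names(levels):
    """Application names per level, for display or comparison."""
    return [[app for app, _ in level] for level in levels]


if __name__ == "__main__":
    for number, level in enumerate(divide_levels(SAMPLE_RISK, 0.01), start=1):
        print("level", number, level)
```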
Of course, those skilled in the art will appreciate that, in addition to determining the security levels of the plurality of applications by the second threshold and the coefficient of variation, the security level of each of the plurality of applications may be determined in other manners, for example, by the gradient of the change in the application security risk values of the plurality of applications, but the gradient method is more affected by fluctuations of individual points than the coefficient-of-variation method.
In a possible implementation manner, the method of the embodiment of the present application may be applied to a user equipment side, and is configured to determine a security level of an application program on the user equipment, where a user may determine, according to the security level of the application program, a possibility that the application program may bring a security problem to the user equipment, and then determine whether to install or uninstall the application program. Optionally, in another possible implementation manner, the method according to the embodiment of the present application may be implemented by an application distribution platform, and the application distribution platform may classify the applications according to the security levels of the plurality of applications, so that a user may select an application with a suitable security level according to the security privacy requirement of the user.
In one possible implementation, the plurality of applications are mobile applications for mobile user equipment (e.g., a mobile phone, a tablet computer, etc.), and the application distribution platform is an application market, such as an Android application market like Google Play, or Apple's App Store.
It is understood by those skilled in the art that, in the method according to the embodiments of the present application, the sequence numbers of the steps do not mean the execution sequence, and the execution sequence of the steps should be determined by their functions and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
As shown in fig. 3, one possible implementation manner of the embodiment of the present application provides an apparatus 400 for determining risk of an application, including:
an application relation determining module 410, configured to determine at least one application relation between at least one application program and a plurality of permissions; wherein each application relationship in the at least one application relationship corresponds to an application program in the at least one application program applying for a right in the plurality of rights;
a weight determination module 420, configured to determine a weight of each application relationship in the at least one application relationship;
a risk value determining module 430, configured to determine an application security risk value of each application program in the at least one application program according to the weight corresponding to each application relationship;
a ranking module 440, configured to perform security ranking on the at least one application according to the application security risk value of each application.
Similar to the method embodiments described above, the following embodiments of the present application further describe the at least one application as a plurality of applications. At this time, the application relation determining module 410 is configured to determine a plurality of application relations between the plurality of applications and the plurality of rights.
The apparatus 400 of the embodiment of the present application determines the relationship between the plurality of applications and the plurality of rights through a bipartite graph-based model. Reference is made in particular to the corresponding description of the embodiment shown in fig. 1.
The implementation scheme of the embodiment of the application establishes a bipartite graph model of the application and the authority by determining the application relation between the application and the authority and the weight of the application relation, and determines the application security risk value of the application according to the bipartite graph model; in addition, in order to avoid that the user can not clearly perceive the security risk of the application program according to the application security risk value, the embodiment of the application also performs security level division on the application program, so that the user can conveniently select the application program with a proper security level according to the security privacy requirement of the user.
The present application example further illustrates each module of the present application example by the following embodiments.
In a possible implementation manner of the embodiment of the present application, for further description of the multiple application relationships between the multiple application programs and the multiple permissions and the weight corresponding to each application relationship, refer to the description of the implementation manner shown in fig. 2 in the foregoing method embodiment, and details are not repeated here.
In the embodiment of the present application, the weight of the application relationship corresponds to the correlation between the application program and the permission corresponding to the application relationship; generally, the stronger the correlation, the larger the weight. Therefore, the weight determination module 420 can determine the size of the weight according to the correlation between the application and the permission. In a possible embodiment, the correlation may be obtained from the probability that the application applies for the permission. Of course, one skilled in the art will recognize that in other possible embodiments, the correlation between the application and the permission may be determined in other ways than by the probability.
Therefore, optionally, as shown in fig. 4, in a possible implementation manner of this embodiment of the application, the weight determining module 420 may include:
the weight determination submodule 421 is configured to determine a weight of each application relationship according to the probability that the application program applies for the permission corresponding to each application relationship.
In a possible implementation manner of the embodiment of the present application, the probability may be obtained according to historical data. Further, in this embodiment, the weight determining submodule 421 may include:
a weight determining unit 4211, configured to determine the corresponding weight according to the permission application history data of all the applications in the application category to which the application corresponding to each application relationship belongs.
In the present embodiment, the application classification may be a classification according to functional division of an application, such as games, offices, maps, and the like; but also a classification according to the developer of the application, or also a cluster classification according to the similarity of other aspects of the application, etc. Of course, one skilled in the art will recognize that the application classification may also be a classification based on other classification criteria.
As shown in fig. 5, in a possible implementation manner, for convenience of calculation, the weight determination unit 4211 includes:
a weight determination subunit 4211a, configured to obtain the weight according to a ratio of the frequency of applying for the permission by all the application programs in the application classification to a sum of multiple frequencies of respectively applying for the multiple permissions by all the application programs. Reference is made in particular to the corresponding description of the embodiment of the method shown in fig. 2.
In a possible implementation manner of the embodiment of the present application, in order to obtain the normalized frequency, the frequency corresponding to a permission may be obtained as the ratio of the number of the application programs in the application classification that apply for the permission to the number of all the application programs in the application classification. Of course, in other possible implementations of the embodiments of the present application, the frequency may also be determined in other ways.
In order to determine the application security risk value of each application program more quickly and accurately, optionally, in a possible embodiment, the risk value determining module 430 includes:
a risk value determining submodule 431, configured to determine the application security risk value of each application according to the weight corresponding to each application relationship and at least one constraint;
wherein the at least one constraint comprises a first constraint comprising:
the higher the weight value corresponding to one application relation in the application relations is, the closer the application security risk value of the application program corresponding to the application relation is to the permission security risk value of the permission corresponding to the application relation.
In the embodiment of the application, the application security risk value represents the security risk of the corresponding application program, and the permission security risk value represents the security risk of the corresponding permission.
As will be appreciated by those skilled in the art, the first constraint takes into account the dominant relationship between the application and the rights. The higher the weight of an application and a right is, the stronger the correlation between the application and the right is, and when the risk of one is high, the other is bound to be high, and vice versa. Reference is made in particular to the corresponding description in the above-mentioned method embodiments.
Optionally, in a possible implementation, the at least one constraint further includes a second constraint, where the second constraint includes:
the more similar the authority application conditions of two applications in the plurality of applications are, the more similar the application security risk values of the two applications are.
In this embodiment, the permission application status of an application program includes: the permissions applied for by the application program, and the weights of the application relationships corresponding to the permissions applied for by the application program. The more similar the permissions applied for by the two application programs are, and the more similar the weights with which they apply for the same permission are, the more similar the application security risk values of the two application programs should be. Reference is made in particular to the corresponding description in the above-mentioned method embodiments.
Optionally, in a possible implementation manner, the application program may be represented by a vector through a weight of all application relationships corresponding to the application program, and at this time, the similarity between the two application programs may be determined through a cosine distance between the two application programs. Reference is made in particular to the corresponding description in the above-mentioned method embodiments.
Of course, those skilled in the art will recognize that other methods for representing the similarity between two vectors may be used in the embodiments of the present application to determine the similarity between two applications.
Optionally, in a possible implementation, the at least one constraint further includes a third constraint, where the third constraint includes:
for two authorities in the plurality of authorities, the more similar the applied conditions of the two authorities are, the more similar the authority security risk values of the two authorities are.
In the embodiment of the present application, the applied status of a permission includes the application programs applying for the permission and the weights of the application relationships corresponding to the permission applied for by those application programs. The more similar the application programs applying for the two permissions are, and, for the application programs applying for both permissions simultaneously, the more similar the application relationship weights of the two permissions are, the more similar the permission security risk values corresponding to the two permissions are.
Optionally, in a possible implementation manner, the authority may be represented by a vector through the weights of all application relationships corresponding to one authority, and at this time, the similarity between two authorities may be determined through the cosine distance between the two authorities. Reference is made in particular to the corresponding description in the above-mentioned method embodiments.
Similarly, those skilled in the art will recognize that other methods for representing the similarity between two vectors may be used in the embodiments of the present application to determine the similarity between two rights.
In order to make the obtained application security risk value more accurate, external a priori knowledge may also be introduced into the calculation of the application security risk value, and therefore, optionally, in one possible embodiment, the at least one constraint further includes a fourth constraint, and the fourth constraint includes:
the application security risk values of the plurality of application programs are respectively consistent with the prior application security risk values of the plurality of application programs;
and the permission security risk values of the plurality of permissions are respectively consistent with the prior permission security risk values of the plurality of permissions.
In the embodiment of the present application, the application security risk values of the plurality of application programs and the permission security risk values of the plurality of permissions are respectively consistent with the prior application security risk value and the prior permission security risk value, which means that the application and the permission security risk values should satisfy the prior knowledge. For example, the application security risk value should be as close as possible to the a priori application security risk value and the rights security risk value should be as close as possible to the a priori rights security risk value, provided that other constraints are simultaneously satisfied. In the embodiment of the present application, the fourth constraint is introduced, so that the obtained application security risk value may converge to a suitable range as soon as possible, specifically refer to the corresponding description in the foregoing method embodiment.
In this embodiment of the present application, the a priori application security risk value and the a priori permission security risk value may be obtained in various ways. For example, in some possible implementations, a security risk value set by a domain expert may be used, a security classification may be constructed according to an external risk report to obtain a corresponding security risk value, or a security mode that is most advanced in a related domain may be used to obtain a corresponding security risk value. In particular, in one possible implementation, the a priori application security risk value and the a priori permission security risk value may be obtained through user presetting.
In a possible implementation manner of the embodiment of the present application, in order to make the obtaining efficiency of the corresponding application and permission security risk values higher, a PNB may be used to obtain the prior application security risk value and the prior permission security risk value.
In a possible implementation manner of the embodiment of the present application, the application security risk value of each application program in the plurality of application programs may be determined according to the weight corresponding to each application relationship and the first to fourth constraints.
For example, in one possible implementation, the application security risk value of each application program may be obtained by the cost function in the above method embodiment.
Of course, those skilled in the art can appreciate that the above cost function is only one possible way for the embodiment of the present application to find the application security risk value and the rights security risk value, and the application security risk value and the rights security risk value of the embodiment of the present application can also be obtained by other formulas or functions.
As shown in fig. 6a, optionally, in a possible implementation manner of this embodiment of the present application, the ranking module 440 may include:
a second partitioning sub-module 442 for:
for each of the at least one application:
comparing at least one preset second threshold value with the application security risk value of the application program to determine the security level of the application program.
In this embodiment, for further description of ranking the plurality of application programs according to the application security risk value of the application program and the at least one second threshold, refer to the corresponding description in the foregoing method embodiment, and details are not repeated here.
In the embodiment of the present application, the security level may be divided into two levels, three levels, or more, as required.
As shown in fig. 6b, optionally, in another possible implementation manner of this embodiment of the present application, in order to make the application program ranking smoother, the ranking module 440 may include:
a first dividing module 441, configured to perform security level division on the multiple applications according to the dispersion of the application security risk values of the multiple applications.
Optionally, in a possible implementation manner of this embodiment of the present application, the first dividing module 441 includes:
the ranking unit 4411 is configured to rank the at least one application according to the coefficient of variation of the application security risk values of the plurality of applications, wherein the coefficient of variation of the application security risk values of at least one application belonging to the same security level is within a preset first threshold range.
Here, the coefficient of variation of the application security risk values of the at least one application is the ratio of the variance to the mean of the application security risk values of the at least one application.
For further description of the security level division of the plurality of application programs according to the coefficient of variation, refer to the corresponding description in the above method embodiment; details are not repeated here.
Also, as will be appreciated by those skilled in the art, in addition to the determination of the security levels of the plurality of applications by the first dividing module 441 and the second partitioning sub-module 442, the security levels of the plurality of applications may be determined by other modules; for example, the security level of each of the plurality of applications may be determined by the gradient of the application security risk values of the plurality of applications after the above-mentioned sorting.
In a possible implementation manner, the apparatus of the embodiment of the present application may be applied to a user device, for example, a user device such as a mobile phone, a tablet computer, a notebook computer, and the like, to determine a security level of an application program on the user device, so that a user may determine, according to the security level of the application program, a possibility that the application program may bring a security problem to the user device, and further determine whether to install or uninstall the application program. Optionally, in another possible implementation manner, the apparatus of the embodiment of the present application may be further applied to a server of an application distribution platform, and configured to obtain the security level of the application program on the application distribution platform, so that the application distribution platform may classify the application program according to the security levels of the plurality of application programs, and further, a user may select an application program with a suitable security level according to the security privacy requirement of the user.
In one possible implementation, the plurality of applications are mobile applications for mobile user equipment (e.g., a mobile phone, a tablet computer, etc.), and the application distribution platform is an application market, such as an Android application market like Google Play, or Apple's App Store.
As shown in fig. 7, in one possible implementation manner of the embodiment of the present application, an electronic device 700 is provided, which includes the risk determination device 710 of the application program described above.
In one possible implementation, the electronic device 700 may be a user equipment, and optionally, may be a mobile user equipment. In another possible implementation, the electronic device 700 may also be a server, for example, a server of an application distribution platform.
Fig. 8 is a schematic structural diagram of another risk determining apparatus 800 for an application according to an embodiment of the present application, and the embodiment of the present application does not limit the specific implementation of the risk determining apparatus 800 for an application. As shown in fig. 8, the risk determining device 800 of the application program may include:
a processor 810, a communication interface 820, a memory 830, and a communication bus 840, wherein:
processor 810, communication interface 820, and memory 830 communicate with one another via a communication bus 840.
A communication interface 820 for communicating with a network element, such as a client.
The processor 810 is configured to execute the program 832, and may specifically perform the relevant steps in the above method embodiments.
In particular, the program 832 may include program code comprising computer operational instructions.
The processor 810 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application.
The memory 830 stores a program 832. The memory 830 may comprise high-speed RAM, and may also include non-volatile memory, such as at least one disk memory. The program 832 may in particular be used to cause the risk determination device 800 of an application to perform the following steps:
determining at least one application relationship between at least one application program and a plurality of authorities; wherein each application relationship in the at least one application relationship corresponds to an application program in the at least one application program applying for a right in the plurality of rights;
determining a weight value of each application relation in the at least one application relation;
determining an application security risk value of each application program in the at least one application program according to the weight corresponding to each application relation;
and performing security level division on the at least one application program according to the application security risk value of each application program.
For specific implementation of each step in the program 832, reference may be made to corresponding steps and corresponding descriptions in units in the foregoing embodiments, which are not described herein again. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described devices and modules may refer to the corresponding process descriptions in the foregoing method embodiments, and are not described herein again.
Those of ordinary skill in the art will appreciate that the various illustrative elements and method steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, or the portion of it that contributes over the prior art, may be embodied in the form of a software product that is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
The above embodiments are merely illustrative, and not restrictive, and those skilled in the relevant art can make various changes and modifications without departing from the spirit and scope of the present application, and therefore all equivalent technical solutions also fall within the scope of the present application, and the scope of the present application is defined by the appended claims.

Claims (23)

1. A method for risk determination of an application, comprising:
determining at least one application relationship between at least one application program and a plurality of permissions, wherein each application relationship of the at least one application relationship corresponds to one application program of the at least one application program applying for one permission of the plurality of permissions;
determining a weight of each application relationship of the at least one application relationship;
determining an application security risk value of each application program of the at least one application program according to the weight corresponding to each application relationship;
and performing security level division on the at least one application program according to the application security risk value of each application program.
2. The method of claim 1, wherein the weight of each application relationship is determined according to the probability that the application program corresponding to that application relationship applies for the permission.
3. The method according to claim 1, wherein the weight corresponding to each application relationship is determined according to permission application history data of all application programs in the application category to which the corresponding application program belongs.
4. The method according to claim 3, wherein the weight is obtained according to the ratio of the frequency with which all application programs in the application category apply for the permission to the sum of the frequencies with which all those application programs respectively apply for the plurality of permissions.
5. The method according to claim 1, wherein determining the application security risk value of each application program of the at least one application program according to the weight corresponding to each application relationship comprises:
determining the application security risk value of each application program according to the weight corresponding to each application relationship and at least one constraint;
wherein the at least one constraint comprises a first constraint comprising:
the higher the weight corresponding to an application relationship of the at least one application relationship, the closer the application security risk value of the application program corresponding to that application relationship is to the permission security risk value of the permission corresponding to that application relationship.
6. The method of claim 5, wherein the at least one application program is a plurality of application programs, the at least one constraint further comprising a second constraint comprising:
the more similar the permission application conditions of two application programs of the plurality of application programs, the more similar the application security risk values of the two application programs.
7. The method of claim 5, wherein the at least one constraint further comprises a third constraint, the third constraint comprising:
for two permissions of the plurality of permissions, the more similar the conditions under which the two permissions are applied for, the more similar the permission security risk values of the two permissions.
8. The method of claim 5, wherein the at least one constraint further comprises a fourth constraint, the fourth constraint comprising:
the application security risk values of the at least one application program are respectively consistent with the prior application security risk values of the at least one application program;
and the permission security risk values of the plurality of permissions are respectively consistent with the prior permission security risk values of the plurality of permissions.
9. The method of claim 1, wherein performing security level division on the at least one application program according to the application security risk value of each application program comprises:
performing security level division on the plurality of application programs according to the dispersion of the application security risk values of the at least one application program.
10. The method of claim 9, wherein performing security level division on the plurality of application programs according to the dispersion of the application security risk values of the at least one application program comprises:
classifying the at least one application program into at least one security level according to the coefficient of variation of the application security risk values of the at least one application program, wherein the coefficient of variation of the application security risk values of the application programs belonging to the same security level is within a preset first threshold range.
11. The method of claim 1, wherein performing security level division on the at least one application program according to the application security risk value of each application program comprises:
for each of the at least one application program:
comparing at least one preset second threshold with the application security risk value of the application program to determine the security level of the application program.
12. A risk determination device for an application, comprising:
an application relationship determining module, configured to determine at least one application relationship between at least one application program and a plurality of permissions, wherein each application relationship of the at least one application relationship corresponds to one application program of the at least one application program applying for one permission of the plurality of permissions;
a weight determination module, configured to determine a weight of each application relationship of the at least one application relationship;
a risk value determining module, configured to determine an application security risk value of each application program of the at least one application program according to the weight corresponding to each application relationship;
and a grading module, configured to perform security level division on the at least one application program according to the application security risk value of each application program.
13. The apparatus of claim 12, wherein the weight determination module comprises:
a weight determination submodule, configured to determine the weight of each application relationship according to the probability that the application program corresponding to that application relationship applies for the permission.
14. The apparatus of claim 13, wherein the weight determination submodule comprises:
a weight determination unit, configured to determine the weight corresponding to each application relationship according to permission application history data of all application programs in the application category to which the corresponding application program belongs.
15. The apparatus of claim 14, wherein the weight determination unit comprises:
a weight determining subunit, configured to obtain the weight according to the ratio of the frequency with which all application programs in the application category apply for the permission to the sum of the frequencies with which all those application programs respectively apply for the plurality of permissions.
16. The apparatus of claim 12, wherein the risk value determination module comprises:
a risk value determining submodule, configured to determine the application security risk value of each application program according to the weight corresponding to each application relationship and at least one constraint;
wherein the at least one constraint comprises a first constraint comprising:
the higher the weight corresponding to an application relationship of the at least one application relationship, the closer the application security risk value of the application program corresponding to that application relationship is to the permission security risk value of the permission corresponding to that application relationship.
17. The apparatus of claim 16, wherein the at least one application program is a plurality of application programs, the at least one constraint further comprising a second constraint comprising:
the more similar the permission application conditions of two application programs of the plurality of application programs, the more similar the application security risk values of the two application programs.
18. The apparatus of claim 16, wherein the at least one constraint further comprises a third constraint, the third constraint comprising:
for two permissions of the plurality of permissions, the more similar the conditions under which the two permissions are applied for, the more similar the permission security risk values of the two permissions.
19. The apparatus of claim 16, wherein the at least one constraint further comprises a fourth constraint, the fourth constraint comprising:
the application security risk values of the at least one application program are respectively consistent with the prior application security risk values of the at least one application program;
and the permission security risk values of the plurality of permissions are respectively consistent with the prior permission security risk values of the plurality of permissions.
20. The apparatus of claim 12, wherein the grading module comprises:
a first dividing module, configured to perform security level division on the plurality of application programs according to the dispersion of the application security risk values of the at least one application program.
21. The apparatus of claim 20, wherein the first dividing module comprises:
a ranking unit, configured to classify the at least one application program into at least one security level according to the coefficient of variation of the application security risk values of the at least one application program, wherein the coefficient of variation of the application security risk values of the application programs belonging to the same security level is within a preset first threshold range.
22. The apparatus of claim 12, wherein the grading module comprises:
a second dividing submodule, configured to:
for each of the at least one application program:
compare at least one preset second threshold with the application security risk value of the application program to determine the security level of the application program.
23. An electronic device, characterized in that it comprises the risk determination device for an application according to any of claims 12-22.
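The weighting of claims 2-4, the first constraint of claim 5 and the grading of claim 10 can be traced end to end in a few lines; the following is an added example, not code from the patent. The sample apps, the prior permission risk values, the quadratic reading of the first constraint (with permission risks held fixed) and the greedy partition into levels are all assumptions made for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample data: app -> (category, permissions it applies for).
APPS = {
    "flashlight_a": ("tools", {"CAMERA"}),
    "flashlight_b": ("tools", {"CAMERA", "READ_CONTACTS", "SEND_SMS"}),
    "notes":        ("tools", {"WRITE_EXTERNAL_STORAGE"}),
    "chat_a":       ("social", {"READ_CONTACTS", "CAMERA", "INTERNET"}),
    "chat_b":       ("social", {"READ_CONTACTS", "INTERNET"}),
}
# Assumed prior permission security risk values in [0, 1] (constructed).
PERM_RISK = {"CAMERA": 0.5, "READ_CONTACTS": 0.7, "SEND_SMS": 0.9,
             "WRITE_EXTERNAL_STORAGE": 0.3, "INTERNET": 0.2}


def relation_weights(apps):
    """Claim 4: weight of (app, perm) = how often the app's category applies for
    perm, divided by the category's application count over all permissions."""
    freq = {}
    for category, perms in apps.values():
        freq.setdefault(category, Counter()).update(perms)
    weights = {}
    for app, (category, perms) in apps.items():
        total = sum(freq[category].values())
        for perm in perms:
            weights[(app, perm)] = freq[category][perm] / total
    return weights


def app_risk_values(weights, perm_risk):
    """First constraint, read as minimising sum w * (r_app - r_perm)^2 with the
    permission risks fixed (assumption): the weight-averaged permission risk."""
    num, den = Counter(), Counter()
    for (app, perm), w in weights.items():
        num[app] += w * perm_risk[perm]
        den[app] += w
    return {app: num[app] / den[app] for app in den}


def grade_by_cv(risks, max_cv):
    """Claim 10: walk apps in ascending risk order and open a new level when the
    next app would push the level's coefficient of variation above max_cv."""
    levels, current = [], []
    for app in sorted(risks, key=risks.get):
        values = [risks[a] for a in current] + [risks[app]]
        if current and pstdev(values) / mean(values) > max_cv:
            levels.append(current)
            current = []
        current.append(app)
    levels.append(current)
    return levels


if __name__ == "__main__":
    w = relation_weights(APPS)
    r = app_risk_values(w, PERM_RISK)
    for level, members in enumerate(grade_by_cv(r, max_cv=0.10), start=1):
        print(level, [(a, round(r[a], 3)) for a in members])
```

Because a permission that is rare within a category receives a low weight, the unusual READ_CONTACTS and SEND_SMS requests of the second flashlight app are pulled only partly into its score; the second and third constraints of claims 6 and 7 are not modelled here.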
CN201410326061.7A 2014-07-09 2014-07-09 The risk of application program determines method and determining device Active CN104091071B (en)

Publications (2)

Publication Number Publication Date
CN104091071A (en) 2014-10-08
CN104091071B (en) 2017-11-07

Family

ID=51638787

Country Status (1)

Country Link
CN (1) CN104091071B (en)

Also Published As

Publication number Publication date
CN104091071B (en) 2017-11-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant