CN104217159A - Mutual-help mobile terminal anti-virus method and system independent of searching and killing engine - Google Patents
Mutual-help mobile terminal anti-virus method and system independent of searching and killing engine Download PDFInfo
- Publication number
- CN104217159A CN104217159A CN201310212279.5A CN201310212279A CN104217159A CN 104217159 A CN104217159 A CN 104217159A CN 201310212279 A CN201310212279 A CN 201310212279A CN 104217159 A CN104217159 A CN 104217159A
- Authority
- CN
- China
- Prior art keywords
- software
- contrast
- comparison
- helping
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
Abstract
The invention relates to a mutual-help mobile terminal anti-virus and anti-malware method and system independent of a searching and killing engine. The defect that as a traditional virus searching and killing method needs to occupy a large number of system resources and operational capability, a mobile phone cannot bear is overcome. Point-to-point network connection is built between mobile terminals through mutual-help comparison safety software or functional modules, check codes of common files are compared, the equivocation of the compared files is reduced or improved according to the compassion result, and references are provided for a user.
Description
Technical field
The present invention relates to mobile security field, a kind of particularly mobile terminal anti-virus anti-malware method not relying on killing engine, and corresponding mobile terminal anti-virus Anti-malware system.
Background technology
It is the intellectualization times of representative that current mobile communication terminal field has entered with smart mobile phone, major part Smartphone device is small and exquisite, except as except verbal system, can use as personal computer, but compared with the function of main flow computer, smart mobile phone is also slightly inferior in hardware performance, also not as good as PC in the software compatibility, complete function etc. are many.
Along with popularizing of smart mobile phone, mobile phone viruses also more and more spreads unchecked.The computer virus form of this to be a kind of with mobile phone be target of attack, it can with cell phone network and computer network for platform, by mobile communication approach, the network equipment such as mobile phone and short messaging gateway is attacked, cause mobile phone to use diffusion that is abnormal and virus.
Mobile phone viruses is great for the harm of user sometimes, therefore, is necessary very much for the strick precaution of mobile phone viruses and killing.But, intelligent mobile phone system cannot carry out " transplanting " the more ripe anti-virus scheme of PC platform, this is because the anti-viral software in PC platform has Anti-Virus Engine, and can be upgraded virus base by cable network, traditional detection and puncturing pattern is taked to clear up software virus, and this mode needs computer to possess certain hardware configuration and arithmetic capability, the hardware performance of cell phone system will reach this standard and undertake to do what is apparently beyond one's ability, and this pattern is not suitable for the mobile device of cell phone type.
The hardware resource that traditional PC anti-viral software takies computer is very large, when anti-viral software runs, occupy a large amount of CPU and memory source, the arithmetic speed of computer is reduced, even work as machine, if this pattern is transplanted on mobile phone and mobile model equipment, the mobile phone hardware system that function is simple, poor arithmetic ability, power supply capacity are limited must be allowed to be difficult to bear.
Summary of the invention
summary of the invention
In order to overcome the defect of traditional virus investigation virus killing mode, present applicant proposes a kind of collaborative comparison security system, this brand-new security concept is fundamentally forgone traditional mode, take the mode of comparing between individual terminal device, do not need the ample resources taking hardware, do not need, at user side, huge software engine and virus database are installed.
detailed Description Of The Invention
Security system of the present invention, comprises two or more platform mobile terminal devices, such as smart mobile phone, and the network also comprised between them connects and the corresponding network equipment, such as router, or router simulation softward.
Security system of the present invention, comprises a kind of software that can perform the method, or software function module, and it can be installed on the mobile terminal devices such as mobile phone.This software or software function module can be java language compilation, also can be other language compilation, it is compiled as and can runs in the operating system of mobile terminal device, this operating system can be Android system, or iOS system, or Saipan system, or windows mobile system, or the Novel smart mobile phone operating system that may occur future or computer operating system.
Security system of the present invention can also comprise one or more webserver, for auxiliary method of the present invention.
Security system of the present invention can also comprise the relation medium that Web Community, social group etc. help to set up between terminal device point to point connect.
The present invention takes the mode of comparing between individual terminal device, and various possible internetwork connection mode can be utilized between equipment to connect.
Particular content of the present invention comprises:
A kind of collaborative comparison security system, it comprises the mobile terminal device that two or more platforms are provided with software program, described multiple stage mobile terminal device is all provided with contrast fail-safe software of helping each other, or with the software contrasting safety function module of helping each other, described helping each other contrasts fail-safe software or the point to point network between terminal can be utilized to connect with the software of contrast safety function module of helping each other, or initiates point to point connect between the terminals; Described help each other contrast fail-safe software or help each other contrast safety function module can also to file each in system carry out a kind of irreversible to computations, obtain a particular verified information, described particular verified information is a kind of electronic signature.
Foregoing collaborative comparison security system, wherein said particular verified information is selected from the one in MD5 code, SHA-1 code, DES code and RSA code.
A kind of collaborative comparison safety method, to be helped each other contrast fail-safe software by one, or perform with the software of contrast safety function module of helping each other, described software or module are arranged on two or more platforms and are also provided with on the mobile terminal device of other software programs, the point to point network between terminal is utilized to connect, the file installed in terminal device is compared, the mode of described comparison is the particular verified information of same through computations of each file of comparison, if comparison result is identical, helping each other to contrast fail-safe software or help each other contrasts the suspicious degree that safety function module reduces this file, if comparison result is different, helping each other to contrast fail-safe software or help each other contrasts the suspicious degree that safety function module improves this file, suspicious degree result sends to the user of terminal device, the described particular verified information through computations is a kind of electronic signature.
Foregoing collaborative comparison safety method, mobile terminal device is wherein smart mobile phone.
Foregoing collaborative comparison safety method, the wired connection mode between the communication network that it is wireless WIFI network that network wherein connects, bluetooth connects, mobile operator provides or terminal sets up point to point connect.
Foregoing collaborative comparison safety method, it is that user initiatively specifies and sets up that network wherein connects.
Foregoing collaborative comparison safety method, network wherein connects help each other contrast fail-safe software or contrast safety function module automatic search also foundation between the terminals of helping each other.
Foregoing collaborative comparison safety method, network wherein to have connected due to other operations or has been about to set up, and be described contrast fail-safe software of helping each other, or contrast safety function module of helping each other utilized.
Foregoing collaborative comparison safety method, network wherein connects to be set up between the terminals by help each other contrast fail-safe software or contrast safety function module of helping each other, and utilize by other softwares in terminal.
In the middle of one embodiment of the present of invention, between two or more terminal devices by wireless WIFI network, bluetooth connect or mobile operator provide communication network, even can set up point to point connect by wired modes such as the netting twines between terminal.Faster for more advanced, the more power saving that may occur future, transmission speed, connect more stable, transmit apart from farther novel wire/wireless connected mode, as long as can make to set up point to point connect between two station terminals, just may be used for connected mode of the present invention.
In the middle of one embodiment of the present of invention, after connection establishment, carry out the mutual comparison of total file between cell phone apparatus, a kind of particular verified information of each file of comparison, what employing was sought common ground while reserving difference reduces the scope.Because check code only takies tens bytes, even if therefore once comparison heap file, required flow and resource are also quite few.Comparison result is identical file, and suspicious degree reduces; And files different after comparison, suspicious degree increases.By one or more comparison, namely can provide clear and definite prompting to user, help user to judge a certain program or file whether Malware.The electronic signature that namely described particular verified information encrypt or electronic fingerprint, such as but not limited to MD5 code, SHA-1 code, DES code or RSA code etc., the cryptographic algorithm that the present invention adopts must be irreversible, and ensure the integrality of data, and be unique sign of verification file characteristic, identical content obtains identical check information, and different contents obtains different check informations.
In the middle of one embodiment of the present of invention, the file of institute's comparison is the sequential operation File needed for a certain software particular version runs, such as executable program file or dynamic link library file, himself is fit into system at software and in the process for a long time, be repeatedly run, is modified hardly.Such as .apk file in Android system .dex file .so file.User profile, user profile log file or program log sheet etc. are known in the art unlikely comprises Virus and the file be easily modified does not participate in comparison, to improve the efficiency of comparison further.For a certain file the need of comparing, can be judged by its file header or extension name.
In the middle of one embodiment of the present of invention, the mode connected between the terminal devices such as mobile phone is selected by user and is determined.User carries out selecting and specifying in the other-end equipment that may connect, and sets up point to point connect between the terminal device held user subsequently and other one or more terminal device by software." other-end equipment " can be the other-end equipment of the vicinity that terminal device that user holds searches, and also can be that user recognizes its other-end equipment existed by interpersonal relation, Web Community, social group.
In the middle of one embodiment of the present of invention, the mode connected between the terminal devices such as mobile phone can be carried out to software automatically by subscriber authorisation, the operation so only needing user little and intervention, the great amount of terminals equipment that novel trans bogusware is housed just mutually can connect and complete repeatedly comparison, also can compare by the point to point connect set up by other signal procedures, result is enough to provide with reference to information the program of installing in each station terminal equipment.
In the middle of one embodiment of the present of invention, a mobile terminal device is set up network by " intermediary " of server with another mobile terminal device and is connected.
In the middle of one embodiment of the present of invention, due to other operations, the terminal device that user holds or by setting up network with other mobile terminal devices is connected, and safety ratio pair is carried out in the network connection that now software of the present invention or software function module can directly utilize this to set up.
In the middle of one embodiment of the present of invention, software of the present invention or software function module establish point to point network at the terminal device that user holds with other mobile terminal devices and are connected, now this network connect can utilize by other softwares of installing in terminal.
In the middle of one embodiment of the present of invention, software function module of the present invention is integrated in the middle of other softwares, and initiatively initiates or participate in being connected with the interaction of other-end of software main program initiation, performs method of the present invention.
In the overwhelming majority under normal circumstances, software on major part terminal device does not comprise virus, wooden horse or other Malwares, therefore in the middle of one embodiment of the present of invention, comparison and the mobile phone of helping each other more, more by comparing the reference information obtained, reference value is also larger, and the cell phone apparatus of self is safer.
Because the various software run on cell phone system and diffusible virus very limited, not need in order to safety the tediously long numerous and diverse traditional anti-viral software of safety on cell phone apparatus and mobile device.Utilize wide ubiquitous wireless network, equipment possessor near allowing and at one's side helps each other and interaction, the comparison device software code of randomness, to the only a few that mobile phone runs by suspecting that software detects and scans, is confirmed whether as virus and dangerous program.These are by suspecting that software link security engine server carries out teleprocessing.
At most of time, most of cell phone system all runs identical legal software, the version of different is only software.Harassing and wrecking software, probability lacking very that bogusware etc. invade, takes comparison pattern of helping each other, shoots the arrow at the target exactly, allow each cellphone subscriber become the safe defender of software systems.The number of comparison of helping each other is more, and cell phone system is safer.
Mobile security system pattern tool of helping each other of the present invention has the following advantages:
1, complete abandoning tradition engine type scanning system, does not need the various softwares on multiple scanning mobile phone, avoids the situation not only losing time but also occupy mobile phone hardware resource.
2, in the conversion of mobile phone with everyone position, the handset security of automatic, random comparison self, only needs just can know that whether self cell phone apparatus is very safe detecting a less data.
3, utilize the extensive distribution of mobile phone, and the feature that wireless network covers in global diversification, oneself grasps the security performance of cell phone system whenever and wherever possible.
4, while help oneself, also helping other people, each cell phone system is exactly " scanning engine " of a unit, realizes helping each other between terminal user interaction, strengthens the contact between user and communication.
Accompanying drawing explanation
Fig. 1 illustrates the situation setting up point to point connect between 4 mobile terminals, two ends have the solid line of arrow to show between mobile phone 101A and mobile phone 101B, between mobile phone 101A and mobile phone 101C, between mobile phone 101B and mobile phone 101C, all point to point connect has been set up by wireless network between mobile phone 101C and mobile phone 101D, wherein 101B and 101C is by search near each other and the mode of permits access establishes point to point connect, dotted line shows mobile phone 101B and mobile phone 101D establishes point to point connect under the intermediary of server 201A, bending solid line shows mobile phone 101A and mobile phone 101D and establishes point to point connect by a connecting line
Fig. 2 is carried out the comparison of partial document each other after illustrating and establishing point to point connect between two mobile terminals by software.Major part file, such as file 1-file 4, check code is identical between two, and therefore its suspicious degree reduces, small part file, such as file n, and its check code from two station terminals is inconsistent, and therefore its suspicious degree increases.
Embodiment
User A holds Samsung i9100 cell phone apparatus, and has installed software function module of the present invention.Ride in a bus in the process of trip at it, user is decided in its sole discretion to be connected by 3G network with the terminal of surrounding and compares, after obtaining permitting, the Samsung i9100 that be provided with of the present invention software function module same with neighbouring two carries out the file comparison of institute's installation procedure, the result display microblogging of comparison, micro-letter, the fruit person of bearing supervisor of playing is all identical, but they are just different from the MD5 code of program same other two mobile phones from Mobile banking of the industrial and commercial bank program ICBCAndroidBank.apk that forum downloads and installs, the result of further comparison is classes.dex file MD5 code difference wherein.So user A has unloaded this program, and again download and install from industrial and commercial bank website, identical by comparison result.Afterwards by analysis, be integrated with Key Logger in the suspect program that comparison result is different and record byte was sent to certain private mailbox, regarding as the trojan horse program of stealing passwords.
Claims (10)
1. one kind does not rely on collaborative mobile terminal anti-viral method and the system of killing engine, it comprises the mobile terminal device that two or more platforms are provided with software program, described multiple stage mobile terminal device is all provided with contrast fail-safe software of helping each other, or with the software contrasting safety function module of helping each other, described helping each other contrasts fail-safe software or the point to point network between terminal can be utilized to connect with the software of contrast safety function module of helping each other, or initiates point to point connect between the terminals; Described help each other contrast fail-safe software or help each other contrast safety function module can also to file each in system carry out a kind of irreversible to computations, obtain a particular verified information, described particular verified information is a kind of electronic signature.
2. a collaborative comparison safety method, to be helped each other contrast fail-safe software by one, or perform with the software of contrast safety function module of helping each other, described software or module are arranged on two or more platforms and are also provided with on the mobile terminal device of other software programs, the point to point network between terminal is utilized to connect, the file installed in terminal device is compared, the mode of described comparison is the particular verified information of same through computations of each file of comparison, if comparison result is identical, helping each other to contrast fail-safe software or help each other contrasts the suspicious degree that safety function module reduces this file, if comparison result is different, helping each other to contrast fail-safe software or help each other contrasts the suspicious degree that safety function module improves this file, suspicious degree result sends to the user of terminal device, the described particular verified information through computations is a kind of electronic signature.
3. collaborative comparison safety method as claimed in claim 2, mobile terminal device is wherein smart mobile phone.
4. collaborative comparison safety method as claimed in claim 2, the wired connection mode between the communication network that it is wireless WIFI network that network wherein connects, bluetooth connects, mobile operator provides or terminal sets up point to point connect.
5. collaborative comparison safety method as claimed in claim 4, it is that user initiatively specifies and sets up that network wherein connects.
6. collaborative comparison safety method as claimed in claim 4, network wherein connects help each other contrast fail-safe software or contrast safety function module automatic search setting up between the terminals of helping each other.
7. collaborative comparison safety method as claimed in claim 4, network wherein to have connected due to other operations or has been about to set up, and be described contrast fail-safe software of helping each other, or contrast safety function module of helping each other utilized.
8. collaborative comparison safety method as claimed in claim 4, network wherein connects to be set up between the terminals by help each other contrast fail-safe software or contrast safety function module of helping each other, and utilize by other softwares in terminal.
9. collaborative comparison security system as claimed in claim 1, wherein said particular verified information is selected from the one in MD5 code, SHA-1 code, DES code and RSA code.
10. collaborative comparison security system as claimed in claim 1, it also comprises one or more webserver.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310212279.5A CN104217159A (en) | 2013-05-31 | 2013-05-31 | Mutual-help mobile terminal anti-virus method and system independent of searching and killing engine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310212279.5A CN104217159A (en) | 2013-05-31 | 2013-05-31 | Mutual-help mobile terminal anti-virus method and system independent of searching and killing engine |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104217159A true CN104217159A (en) | 2014-12-17 |
Family
ID=52098635
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310212279.5A Pending CN104217159A (en) | 2013-05-31 | 2013-05-31 | Mutual-help mobile terminal anti-virus method and system independent of searching and killing engine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104217159A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110363000A (en) * | 2019-07-10 | 2019-10-22 | 深圳市腾讯网域计算机网络有限公司 | Identify method, apparatus, electronic equipment and the storage medium of malicious file |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101908116A (en) * | 2010-08-05 | 2010-12-08 | 潘燕辉 | Computer safeguard system and method |
| WO2011030455A1 (en) * | 2009-09-14 | 2011-03-17 | 森清 | Secure audit system and secure audit method |
| CN103020521A (en) * | 2011-09-22 | 2013-04-03 | 腾讯科技(深圳)有限公司 | Trojan horse scanning method and system |
-
2013
- 2013-05-31 CN CN201310212279.5A patent/CN104217159A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011030455A1 (en) * | 2009-09-14 | 2011-03-17 | 森清 | Secure audit system and secure audit method |
| CN101908116A (en) * | 2010-08-05 | 2010-12-08 | 潘燕辉 | Computer safeguard system and method |
| CN103020521A (en) * | 2011-09-22 | 2013-04-03 | 腾讯科技(深圳)有限公司 | Trojan horse scanning method and system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110363000A (en) * | 2019-07-10 | 2019-10-22 | 深圳市腾讯网域计算机网络有限公司 | Identify method, apparatus, electronic equipment and the storage medium of malicious file |
| CN110363000B (en) * | 2019-07-10 | 2023-11-17 | 深圳市腾讯网域计算机网络有限公司 | Method, device, electronic equipment and storage medium for identifying malicious files |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109711171B (en) | Method, device and system for positioning software bugs, storage medium and electronic device | |
| KR101574652B1 (en) | Sytem and method for mobile incident analysis | |
| CN103607385A (en) | Method and apparatus for security detection based on browser | |
| CN103329501A (en) | Method for managing content on a secure element connected to an equipment | |
| CN101924760A (en) | Method and system for downloading executable file securely | |
| CN105119901A (en) | Method and system for detecting phishing hotspot | |
| CN103905400A (en) | Service authentication method, apparatus and system | |
| CN110535877A (en) | Internet-of-things terminal identity identifying method and Verification System based on double authentication | |
| CN106778229B (en) | VPN-based malicious application downloading interception method and system | |
| CN105827405A (en) | Remotely-controlled safety lock device and remote control method thereof | |
| CN111291372B (en) | Method and device for detecting files of terminal equipment based on software gene technology | |
| CN104796255A (en) | A safety certification method, device and system for a client end | |
| CN107294981B (en) | Authentication method and equipment | |
| CN102968588B (en) | Intelligent terminal system | |
| US20160352522A1 (en) | User Terminal For Detecting Forgery Of Application Program Based On Signature Information And Method Of Detecting Forgery Of Application Program Using The Same | |
| CN104217159A (en) | Mutual-help mobile terminal anti-virus method and system independent of searching and killing engine | |
| CN106209894A (en) | A kind of method based on NGINX unified certification and system | |
| CN107846390B (en) | Authentication method and device for application program | |
| CN102790799B (en) | Resource downloading method based on cloud security service | |
| CN114238987A (en) | Intelligent networking automobile APP penetration test method, system and storage medium | |
| CN106919836B (en) | Application port detection method and device | |
| KR20220014852A (en) | System and method for application verification | |
| CN106713285A (en) | Website link security verification method and system | |
| CN104363256B (en) | A kind of identification and control method, equipment and system of mobile phone viruses | |
| Ham et al. | DroidVulMon--Android Based Mobile Device Vulnerability Analysis and Monitoring System |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20141217 |