CN106778232A - A kind of information analysis method and electronic equipment - Google Patents

Abstract

The invention discloses a kind of information analysis method and electronic equipment, methods described includes：The solicited message that the electronic equipment is initiated is detected, the type that the solicited message determines the solicited message is parsed；If the type of the solicited message is the acquisition request for the second application, it is determined that initiate the first application of the solicited message；Judge whether to need to intercept the described first application, processed for the described first application based on the judged result for obtaining.

Description

A kind of information analysis method and electronic equipment

Technical field

Set the present invention relates to the terminal management technology in the communications field, more particularly to a kind of information analysis method and electronics It is standby.

Background technology

Electronic equipment, especially smart machine, such as mobile phone play more and more important role in the life of people, People be unable to do without mobile phone in the activity such as clothing, food, lodging and transportion -- basic necessities of life, social activity, amusement.In numerous mobile phone applications, Information application is in ditch Logical, social aspect letter is particularly important.However, most of electronic equipments cannot ensure the malice generation in application from root at this stage The unsafe problems that code or program are brought.

The content of the invention

It is a primary object of the present invention to propose a kind of information analysis method and electronic equipment, it is intended to solve in the prior art The above mentioned problem of presence.

A kind of information analysis method that the present invention is provided, is applied to electronic equipment, including：

The solicited message that the electronic equipment is initiated is detected, the class that the solicited message determines the solicited message is parsed Type；

If the type of the solicited message is the acquisition request for the second application, it is determined that initiate the solicited message First application；

Judge whether to need to intercept the described first application, based on the judged result for obtaining for the described first application Processed.

The present invention provides a kind of electronic equipment, and the electronic equipment includes：

Resolution unit, for detecting the solicited message that the electronic equipment is initiated, parses the solicited message and determines institute State the type of solicited message；

Processing unit, if being for the second acquisition request applied for the type of the solicited message, it is determined that initiate First application of the solicited message；Judge whether to need to intercept the described first application, based on the judged result for obtaining Processed for the described first application.

A kind of information analysis method proposed by the present invention and electronic equipment, are initiating the acquisition request for the second application When, the first application to initiating the request is detected, to determine the need for intercepting the first application.In this way, just Application that can be to initiating request from root carries out intercept process, so as to be subject to when other application is downloaded in an application Monitoring, improves the security during electronic equipment use.

Brief description of the drawings

Fig. 1 is the hardware architecture diagram of the electronic equipment for realizing each embodiment of the invention；

Fig. 2 is the wireless communication system schematic diagram of electronic equipment as shown in Figure 1；

Fig. 3 is embodiment of the present invention information analysis method schematic flow sheet one；

Fig. 4 is embodiment of the present invention information analysis method schematic flow sheet two；

Fig. 5 is that embodiment of the present invention electronic equipment constitutes structural representation.

The realization of the object of the invention, functional characteristics and advantage will be described further referring to the drawings in conjunction with the embodiments.

Specific embodiment

It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.

The electronic equipment of each embodiment of the invention is realized referring now to Description of Drawings.In follow-up description, use For represent element such as " module ", " part " or " unit " suffix only for being conducive to explanation of the invention, itself Not specific meaning.Therefore, " module " can be used mixedly with " part ".

Electronic equipment can be implemented in a variety of manners.For example, the terminal described in the present invention can include such as moving It is phone, smart phone, notebook computer, digit broadcasting receiver, personal digital assistant (PDA), panel computer (PAD), portable The electronic equipment of formula multimedia player (PMP), guider etc. and the such as fixation of numeral TV, desktop computer etc. Terminal.Hereinafter it is assumed that terminal is electronic equipment.However, it will be understood by those skilled in the art that, except being used in particular for moving mesh Element outside, construction according to the embodiment of the present invention can also apply to the terminal of fixed type.

Fig. 1 is that the hardware configuration of the electronic equipment for realizing each embodiment of the invention is illustrated.

Electronic equipment 100 can include communication unit 110, output unit 150, memory 160, interface unit 170, control Device 180 and power subsystem 190 etc..Fig. 1 shows the electronic equipment with various assemblies, it should be understood that simultaneously should not It is realistic to apply all components for showing.More or less component can alternatively be implemented.Electronic equipment will be discussed in more detail below Element.

Communication unit 110 generally includes one or more assemblies, and it allows electronic equipment 100 and wireless communication system or net Radio communication between network.

Interface unit 170 is used as at least one external device (ED) and connecing of can passing through is connected with electronic equipment 100

Mouthful.For example, external device (ED) can include wired or wireless head-band earphone port, external power source (or battery charge Device) it is port, wired or wireless FPDP, memory card port, defeated for connecting the port of device with identification module, audio Enter/export (I/O) port, video i/o port, ear port etc..Identification module can be storage for verifying that user uses The various information of electronic equipment 100 and subscriber identification module (UIM), client identification module (SIM), Universal Subscriber can be included Identification module (USIM) etc..In addition, the device (hereinafter referred to as " identifying device ") with identification module can take smart card Form, therefore, identifying device can be connected via port or other attachment means with electronic equipment 100.Interface unit 170 can Input for receiving the input (for example, data message, electric power etc.) from external device (ED) and will receive is transferred to One or more elements in electronic equipment 100 can be used for transmitting data between electronic equipment and external device (ED).

Output unit 150 is configured to provide output signal (for example, audio is believed with vision, audio and/or tactile manner Number, vision signal, alarm signal, vibration signal etc.).Output unit 150 can include aobvious dio Output Modules etc..Audio Output module can by receive or in memory 160 store voice data transducing audio signal and be output as sound Sound.And, dio Output Modules can provide the audio output related to the specific function of the execution of electronic equipment 100 (for example, exhaling Signal is made to receive sound, message sink sound etc.).Dio Output Modules can include loudspeaker, buzzer etc..

Memory 160 can store software program for the treatment and control operation performed by controller 180 etc., Huo Zheke Temporarily to store the data that exported or will export (for example, telephone directory, message, still image, video etc.).And And, memory 160 can store the vibration of various modes on being exported when touching and being applied to touch-screen and audio signal Data.

Memory 160 can include the storage medium of at least one type, and the storage medium includes flash memory, hard disk, many Media card, card-type memory (for example, SD or DX memories etc.), random access storage device (RAM), static random-access storage Device (SRAM), read-only storage (ROM), Electrically Erasable Read Only Memory (EEPROM), programmable read only memory (PROM), magnetic storage, disk, CD etc..And, electronic equipment 100 can perform memory with by network connection The network storage device cooperation of 160 store function.

The overall operation of the usual control electronics of controller 180.For example, controller 180 is performed and voice call, data Communication, video calling etc. related control and treatment.In addition, controller 180 can be included for reproducing (or playback) many matchmakers The multi-media module of volume data, multi-media module can be constructed in controller 180, or can be structured as and controller 180 Separate.Controller 180 can draw defeated with execution pattern identifying processing, the handwriting input that will be performed on the touchscreen or picture Enter to be identified as character or image.

Power subsystem 190 receives external power or internal power under the control of controller 180 and provides operation each unit Appropriate electric power needed for part and component.

Various implementation methods described herein can be with use such as computer software, hardware or its any combination of calculating Machine computer-readable recording medium is implemented.Implement for hardware, implementation method described herein can be by using application-specific IC (ASIC), digital signal processor (DSP), digital signal processing device (DSPD), programmable logic device (PLD), scene can Programming gate array (FPGA), processor, controller, microcontroller, microprocessor, it is designed to perform function described herein At least one in electronic unit is implemented, and in some cases, such implementation method can be implemented in controller 180. For software implementation, the implementation method of such as process or function can with allow to perform the single of at least one function or operation Software module is implemented.Software code can be come by the software application (or program) write with any appropriate programming language Implement, software code can be stored in memory 160 and performed by controller 180.

So far, electronic equipment is described according to its function.Below, for the sake of brevity, will description such as folded form, Sliding-type electronic equipment in various types of electronic equipments of board-type, oscillating-type, sliding-type electronic equipment etc. is used as showing Example.Therefore, the present invention can be applied to any kind of electronic equipment, and be not limited to sliding-type electronic equipment.

Electronic equipment 100 as shown in Figure 1 may be constructed such that using via frame or packet transmission data it is all if any Line and wireless communication system and satellite-based communication system are operated.

The communication system that electronic equipment wherein of the invention can be operated is described referring now to Fig. 2.

Such communication system can use different air interface and/or physical layer.For example, used by communication system Air interface includes such as frequency division multiple access (FDMA), time division multiple acess (TDMA), CDMA (CDMA) and universal mobile communications system System (UMTS) (especially, Long Term Evolution (LTE)), global system for mobile communications (GSM) etc..As non-limiting example, under The description in face is related to cdma communication system, but such teaching is equally applicable to other types of system.

With reference to Fig. 2, cdma wireless communication system can include multiple electronic equipments 100, multiple base station (BS) 270, base station Controller (BSC) 275, mobile switching centre (MSC) 280 and broadcsting transmitter (BT) 295.MSC280 is configured to and common electrical Words exchange network (PSTN) 290 form interface.MSC280 is also structured to and can be couple to BS270's via back haul link BSC275 forms interface.Back haul link can in some known interfaces any one construct, the interface includes example Such as E1/T1, ATM, IP, PPP, frame relay, HDSL, ADSL or xDSL.It will be appreciated that system can be wrapped as shown in Figure 2 Include multiple BSC275.In fig. 2, multiple satellites 300 are depicted, it is understood that be, it is possible to use any number of satellite is obtained Obtain useful location information.

Based on above-mentioned electronic equipment hardware configuration and communication system, the inventive method each embodiment is proposed.

Embodiment one,

A kind of information analysis method is the embodiment of the invention provides, electronic equipment is applied to, as shown in figure 3, including：

Step 301：The solicited message that the electronic equipment is initiated is detected, the solicited message is parsed and is determined the request The type of information；

Step 302：If the type of the solicited message is the acquisition request for the second application, it is determined that initiate described asking The first of information is asked to apply；

Step 303：Judge whether to need to intercept the described first application, based on the judged result for obtaining for described First application is processed.

Electronic equipment described in the present embodiment can be any one equipment for having access to network, such as, can be intelligence Can mobile phone, can be panel computer, notebook computer, can also be PC etc. equipment, as long as can be by being applied to The equipment of connection is set up in the present embodiment scene protection model essay in internet, and exhaustion is not carried out here.

Assuming that electronic equipment is mobile phone, during mobile phone use, may there are some in a third-party application wide Plug-in unit is accused, user cheating goes to click on, after user clicks on, software can stealthily be downloaded on backstage and point out the user to carry out installation behaviour Make.

The solicited message that the electronic equipment is initiated is detected, specifically, can be included：The electronics is captured in real time to set Standby tcp data bag.

Wherein, getting and can also analyze the packet by tcp data bag after tcp data bag is that electronic equipment sends The information that still receives of request；The GET/ sent for electronic equipment can be included in the scene that the present embodiment is provided POST request is processed.

Specifically, the parsing solicited message determines the type of the solicited message, also includes：From the request The corresponding file type of the solicited message is extracted in information；Whether the solicited message is judged based on the file type It is the acquisition request for the second application.

Ask that this type for obtaining the request information to be obtained can be at least depicted by the URI.Such as, one URI requests can be included：http://raf-admin.nubia.cn/apps/apks/7d53e2ca-8d67-4764- 996c-84947b1b7caf.apk；Asked by above-mentioned URI it can be seen that the type of targeted information is one " .apk " It is exactly a program bag (or as an installation kit for application).

In addition, determining that the first application for initiating the solicited message can be：Obtained from the packet header of the solicited message To the source port for initiating the solicited message；The process of the binding source port is searched, determines to initiate described by the process First application of solicited message.

Wherein, predetermined number data bit of the tcp data bag in its packet header position is used to add source port, specifically The number of data bit is not described in detail here.Such as, the source port can be 80 ports or other ports；Accordingly, including The binding process corresponding to the source port of can getting is deposited, is not described in detail in specific acquisition modes the present embodiment. Further, the process based on the binding can learn that the process is the process which application is initiated, such as, some should Different processes can be initiated under different treatment scenes, corresponding application can just be found by parameters such as process IDs.

Just can at least determine to initiate the first application for obtaining the second application by aforementioned manner；And then, by first The parameter such as title applied using corresponding program bag or first is detected just be capable of deciding whether the first application is carried out Intercept.

It can be seen that, by using such scheme, it becomes possible to when initiating to be asked for the acquisition of the second application, to initiating First application of the request is detected, to determine the need for intercepting the first application.So, it becomes possible to from root Application to initiating request carries out intercept process, so as to monitored when other application is downloaded in an application, improves Security during electronic equipment use.

Embodiment two,

A kind of information analysis method is the embodiment of the invention provides, electronic equipment is applied to, as shown in figure 3, including：

Step 301：The solicited message that the electronic equipment is initiated is detected, the solicited message is parsed and is determined the request The type of information；

Step 302：If the type of the solicited message is the acquisition request for the second application, it is determined that initiate described asking The first of information is asked to apply；

Step 303：Judge whether to need to intercept the described first application, based on the judged result for obtaining for described First application is processed.

Electronic equipment described in the present embodiment can be any one equipment for having access to network, such as, can be intelligence Can mobile phone, can be panel computer, notebook computer, can also be PC etc. equipment, as long as can be by being applied to The equipment of connection is set up in the present embodiment scene protection model essay in internet, and exhaustion is not carried out here.

Assuming that electronic equipment is mobile phone, during mobile phone use, may there are some in a third-party application wide Plug-in unit is accused, user cheating goes to click on, after user clicks on, software can stealthily be downloaded on backstage and point out the user to carry out installation behaviour Make.

The solicited message that the electronic equipment is initiated is detected, specifically, can be included：The electronics is captured in real time to set Standby tcp data bag.

Wherein, getting and can also analyze the packet by tcp data bag after tcp data bag is that electronic equipment sends The information that still receives of request；The GET/ sent for electronic equipment can be included in the scene that the present embodiment is provided POST request is processed.

Specifically, the parsing solicited message determines the type of the solicited message, also includes：From the request The corresponding file type of the solicited message is extracted in information；Whether the solicited message is judged based on the file type It is the acquisition request for the second application.

Ask that this type for obtaining the request information to be obtained can be at least depicted by the URI.Such as, one URI requests can be included：http://raf-admin.nubia.cn/apps/apks/7d53e2ca-8d67-4764- 996c-84947b1b7caf.apk；Asked by above-mentioned URI it can be seen that the type of targeted information is one " .apk " It is exactly a program bag (or as an installation kit for application).

In addition, determining that the first application for initiating the solicited message can be：Obtained from the packet header of the solicited message To the source port for initiating the solicited message；The process of the binding source port is searched, determines to initiate described by the process First application of solicited message.

Wherein, predetermined number data bit of the tcp data bag in its packet header position is used to add source port, specifically The number of data bit is not described in detail here.Such as, the source port can be 80 ports or other ports；Accordingly, including The binding process corresponding to the source port of can getting is deposited, is not described in detail in specific acquisition modes the present embodiment. Further, the process based on the binding can learn that the process is the process which application is initiated, such as, some should Different processes can be initiated under different treatment scenes, corresponding application can just be found by parameters such as process IDs.

Just can at least determine to initiate the first application for obtaining the second application by aforementioned manner；And then, by first The parameter such as title applied using corresponding program bag or first is detected just be capable of deciding whether the first application is carried out Intercept.

Be with the difference of embodiment one, the present embodiment further directed to how to judge whether to intercept and it is specific how Carry out the scene such as processing and be further illustrated：

It is described to judge whether to need to intercept the described first application, including：

Whether include the plug-in unit and/or second preset kind of the first preset kind in first application by detecting Code, judges whether to need to intercept the described first application；

And/or,

It is whether identical with the package name in default off-limit list by detecting first application, judge whether to need Described first application is intercepted.

Wherein, the detection mode of the plug-in unit of first preset kind can apply corresponding program for detection described first Bag, judges whether the plug-in unit of the first preset kind is included in the program bag, if including, it is determined that need to intercept it；

The code of the second preset kind can also be the Multiple Code according to actual conditions setting, from the first application correspondence Program code in detect whether identical with default Multiple Code, if identical, need to intercept it；

Off-limit list can be the list of the title composition of default various applications；Such as, have various applications be required into Row is intercepted, it would be desirable to which the title of multiple applications of interception is arranged in the off-limit list；

It is to be appreciated that the above-mentioned scene that provide only off-limit list, is actually also provided with white list, white list Effect and off-limit list conversely, being provided with the title of various applications that need not be forbidden or be intercepted in white list.

It is described to be processed for the described first application based on the judged result for obtaining, including：If judged result is characterized needing Described first application is intercepted, then at least forbid first application only connection network.

That is, once it is determined that the first application needs to intercept, then can directly determine first application in setting By mobile radio communication or network can not can not be connected by modes such as WLANs.

With reference to Fig. 4, the scheme that the present embodiment is provided is illustrated：

1., by capturing tcp data bag, the request (GET/POST) that analysis mobile phone sends, the request for for example sending is form It is as follows：Full request URI:

http://raf-admin.nubia.cn/apps/apks/7d53e2ca-8d67-4764-996c- 84947b1b7caf.apk

Type is the packet of apk in recording the URI to request.

2., by analyzing the source port in TCP packet header, the process number of bundling port is searched.

3. Program path is obtained by the bag name of the process, can determine whether to be intercepted (1) to journey using some modes Sequence bag is scanned and analyses whether to exist ad plug-in or automatic the malicious code (2) such as download using common application market as white List, Bao Mingzhong is not downloaded interception in white list.

4. interception mode performs suspension operation to the application program by wrapping name, forbids its to download application.

It can be seen that, by using such scheme, it becomes possible to when initiating to be asked for the acquisition of the second application, to initiating First application of the request is detected, to determine the need for intercepting the first application.So, it becomes possible to from root Application to initiating request carries out intercept process, so as to monitored when other application is downloaded in an application, improves Security during electronic equipment use.

Embodiment three,

A kind of electronic equipment is the embodiment of the invention provides, as shown in figure 5, including：

Resolution unit 51, for detecting the solicited message that the electronic equipment is initiated, parses the solicited message and determines The type of the solicited message；

Processing unit 52, if being for the second acquisition request applied for the type of the solicited message, it is determined that hair Play the first application of the solicited message；Judge whether to need to intercept the described first application, based on the judgement knot for obtaining Fruit is processed for the described first application.

Electronic equipment described in the present embodiment can be any one equipment for having access to network, such as, can be intelligence Can mobile phone, can be panel computer, notebook computer, can also be PC etc. equipment, as long as can be by being applied to The equipment of connection is set up in the present embodiment scene protection model essay in internet, and exhaustion is not carried out here.

Assuming that electronic equipment is mobile phone, during mobile phone use, may there are some in a third-party application wide Plug-in unit is accused, user cheating goes to click on, after user clicks on, software can stealthily be downloaded on backstage and point out the user to carry out installation behaviour Make.

The solicited message that the electronic equipment is initiated is detected, specifically, can be included：The electronics is captured in real time to set Standby tcp data bag.

Wherein, getting and can also analyze the packet by tcp data bag after tcp data bag is that electronic equipment sends The information that still receives of request；The GET/ sent for electronic equipment can be included in the scene that the present embodiment is provided POST request is processed.

Specifically, the resolution unit, for being extracted corresponding to the solicited message from the solicited message File type；Judge whether the solicited message is for the second acquisition request applied based on the file type.

Ask that this type for obtaining the request information to be obtained can be at least depicted by the URI.Such as, one URI requests can be included：http://raf-admin.nubia.cn/apps/apks/7d53e2ca-8d67-4764- 996c-84947b1b7caf.apk；Asked by above-mentioned URI it can be seen that the type of targeted information is one " .apk " It is exactly a program bag (or as an installation kit for application).

In addition, processing unit, the source of the solicited message is initiated for being got from the packet header of the solicited message Mouthful；The process of the binding source port is searched, determines to initiate the first application of the solicited message by the process.

Wherein, predetermined number data bit of the tcp data bag in its packet header position is used to add source port, specifically The number of data bit is not described in detail here.Such as, the source port can be 80 ports or other ports；Accordingly, including The binding process corresponding to the source port of can getting is deposited, is not described in detail in specific acquisition modes the present embodiment. Further, the process based on the binding can learn that the process is the process which application is initiated, such as, some should Different processes can be initiated under different treatment scenes, corresponding application can just be found by parameters such as process IDs.

Just can at least determine to initiate the first application for obtaining the second application by aforementioned manner；And then, by first The parameter such as title applied using corresponding program bag or first is detected just be capable of deciding whether the first application is carried out Intercept.

It can be seen that, by using such scheme, it becomes possible to when initiating to be asked for the acquisition of the second application, to initiating First application of the request is detected, to determine the need for intercepting the first application.So, it becomes possible to from root Application to initiating request carries out intercept process, so as to monitored when other application is downloaded in an application, improves Security during electronic equipment use.

Example IV,

Be with the difference of embodiment three, the present embodiment further directed to how to judge whether to intercept and it is specific how Carry out the scene such as processing and be further illustrated：

The processing unit, for whether include the plug-in unit of the first preset kind in first application by detecting And/or second preset kind code, judge whether need to described first application intercept；

And/or,

Processing unit, for by detect it is described first application whether with default off-limit list in package name phase Together, judge whether to need to intercept the described first application.

Wherein, the detection mode of the plug-in unit of first preset kind can apply corresponding program for detection described first Bag, judges whether the plug-in unit of the first preset kind is included in the program bag, if including, it is determined that need to intercept it；

The code of the second preset kind can also be the Multiple Code according to actual conditions setting, from the first application correspondence Program code in detect whether identical with default Multiple Code, if identical, need to intercept it；

Off-limit list can be the list of the title composition of default various applications；Such as, have various applications be required into Row is intercepted, it would be desirable to which the title of multiple applications of interception is arranged in the off-limit list；

It is to be appreciated that the above-mentioned scene that provide only off-limit list, is actually also provided with white list, white list Effect and off-limit list conversely, being provided with the title of various applications that need not be forbidden or be intercepted in white list.

The processing unit, if characterized for judged result to need to intercept the described first application, at least forbids First application only connects network.

That is, once it is determined that the first application needs to intercept, then can directly determine first application in setting By mobile radio communication or network can not can not be connected by modes such as WLANs.

With reference to Fig. 4, the scheme that the present embodiment is provided is illustrated：

1., by capturing tcp data bag, the request (GET/POST) that analysis mobile phone sends, the request for for example sending is form It is as follows：Full request URI:

http://raf-admin.nubia.cn/apps/apks/7d53e2ca-8d67-4764-996c- 84947b1b7caf.apk

Type is the packet of apk in recording the URI to request.

2., by analyzing the source port in TCP packet header, the process number of bundling port is searched.

3. Program path is obtained by the bag name of the process, can determine whether to be intercepted (1) to journey using some modes Sequence bag is scanned and analyses whether to exist ad plug-in or automatic the malicious code (2) such as download using common application market as white List, Bao Mingzhong is not downloaded interception in white list.

4. interception mode performs suspension operation to the application program by wrapping name, forbids its to download application.

It can be seen that, by using such scheme, it becomes possible to when initiating to be asked for the acquisition of the second application, to initiating First application of the request is detected, to determine the need for intercepting the first application.So, it becomes possible to from root Application to initiating request carries out intercept process, so as to monitored when other application is downloaded in an application, improves Security during electronic equipment use.

It should be noted that herein, term " including ", "comprising" or its any other variant be intended to non-row His property is included, so that process, method, article or device including a series of key elements not only include those key elements, and And also include other key elements being not expressly set out, or also include for this process, method, article or device institute are intrinsic Key element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that including this Also there is other identical element in the process of key element, method, article or device.

The embodiments of the present invention are for illustration only, and the quality of embodiment is not represented.

Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side Method can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but in many cases The former is more preferably implementation method.Based on such understanding, technical scheme is substantially done to prior art in other words The part for going out contribution can be embodied in the form of software product, and the computer software product is stored in a storage medium In (such as ROM/RAM, magnetic disc, CD), including some instructions are used to so that a station terminal equipment (can be mobile phone, computer, clothes Business device, air-conditioner, or network equipment etc.) perform method described in each embodiment of the invention.

The preferred embodiments of the present invention are these are only, the scope of the claims of the invention is not thereby limited, it is every to utilize this hair Equivalent structure or equivalent flow conversion that bright specification and accompanying drawing content are made, or directly or indirectly it is used in other related skills Art field, is included within the scope of the present invention.

Claims (10)

1. a kind of information analysis method, is applied to electronic equipment, it is characterised in that methods described includes：

The solicited message that the electronic equipment is initiated is detected, the type that the solicited message determines the solicited message is parsed；

If the type of the solicited message is the acquisition request for the second application, it is determined that initiate the first of the solicited message Using；

Judge whether to need to intercept the described first application, carried out for the described first application based on the judged result for obtaining Treatment.

2. method according to claim 1, it is characterised in that the parsing solicited message determines the solicited message Type, also include：

The file type corresponding to the solicited message is extracted from the solicited message；

Judge whether the solicited message is for the second acquisition request applied based on the file type.

3. method according to claim 1, it is characterised in that the first application of the solicited message is initiated in the determination, Also include：

The source port for initiating the solicited message is got from the packet header of the solicited message；

The process of the binding source port is searched, determines to initiate the first application of the solicited message by the process.

4. the method according to claim any one of 1-3, it is characterised in that described judge whether to need should to described first With being intercepted, including：

Whether the generation of the plug-in unit and/or second preset kind of first preset kind is included in by detecting that described first applies Code, judges whether to need to intercept the described first application；

And/or,

It is whether identical with the package name in default off-limit list by detecting first application, judge whether that needs are right First application is intercepted.

5. method according to claim 1, it is characterised in that it is described should for described first based on the judged result for obtaining With being processed, including：

If judged result is characterized to need to intercept the described first application, at least forbid first application only connection net Network.

6. a kind of electronic equipment, it is characterised in that the electronic equipment includes：

Resolution unit, for detecting the solicited message that the electronic equipment is initiated, parses the solicited message and determines described asking Seek the type of information；

Processing unit, if being for the second acquisition request applied for the type of the solicited message, it is determined that initiate described First application of solicited message；Judge whether to need to intercept the described first application, be directed to based on the judged result for obtaining First application is processed.

7. electronic equipment according to claim 6, it is characterised in that the resolution unit, for from the solicited message The middle corresponding file type for extracting the solicited message；Judge whether the solicited message is pin based on the file type Acquisition request to the second application.

8. electronic equipment according to claim 6, it is characterised in that the processing unit, for from the solicited message Packet header in get the source port for initiating the solicited message；The process of the binding source port is searched, by the process It is determined that initiating the first application of the solicited message.

9. the electronic equipment according to claim any one of 6-8, it is characterised in that the processing unit, is used for

Whether the generation of the plug-in unit and/or second preset kind of first preset kind is included in by detecting that described first applies Code, judges whether to need to intercept the described first application；

And/or,

It is whether identical with the package name in default off-limit list by detecting first application, judge whether that needs are right First application is intercepted.

10. electronic equipment according to claim 6, it is characterised in that the processing unit, if being characterized for judged result Need to intercept the described first application, then at least forbid first application only connection network.