CN106934284A - Application program detection method and device and terminal - Google Patents
Application program detection method and device and terminal Download PDFInfo
- Publication number
- CN106934284A CN106934284A CN201511021184.0A CN201511021184A CN106934284A CN 106934284 A CN106934284 A CN 106934284A CN 201511021184 A CN201511021184 A CN 201511021184A CN 106934284 A CN106934284 A CN 106934284A
- Authority
- CN
- China
- Prior art keywords
- application program
- group
- signature
- time
- band
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
Abstract
The embodiment of the invention discloses an application program detection method, an application program detection device and a terminal, and the scheme comprises the following steps: identifying a first application program existing under a system directory of the terminal; grouping the first application program according to the signature information of the first application program to generate a first group comprising at least one group of signature groups, wherein the signature groups have unique correspondence with the signature information; grouping the first application program according to the installation time of the first application program to generate a second group comprising at least one group of time groups, wherein the time groups have unique correspondence with the installation time; judging whether a first signature group meeting a preset condition exists in the first group, if so, determining a first application program in the first signature group as a virus program, wherein the preset condition at least comprises the following steps: the included first application is capable of overriding the first application included in the at least one time group. By applying the embodiment of the invention, the virus program invisibly installed in the terminal can be identified.
Description
Technical field
The present invention relates to information security field, more particularly to a kind of application program detection method, device and terminal.
Background technology
In recent years, with the popularization and exploitation of the various operating systems on terminal, various operation systems are directed to
The Virus of system is also increasingly savage.In technological layer, Virus can be attempted stealthily obtaining the operating system
Root authority, and then " stealth " be installed in the operating system, backstage consumption terminal flow,
The information in terminal is obtained, wherein, so-called " stealth " is referred specifically to:The program icon of the Virus is not
It is displayed in the main interface of terminal or on desktop.
And the Virus of the root authority for this operating system that is stealthy installing and obtaining terminal, it is existing
Although having technology can discover the presence for the Virus, it is difficult to determine the position of the Virus, then
For how to recognize that the Virus becomes problem demanding prompt solution.
The content of the invention
The embodiment of the invention discloses a kind of application program detection method, device and terminal, to realize to " hidden
Shape " is installed on the identification of the Virus of terminal.Concrete scheme is as follows:
In a first aspect, the embodiment of the invention provides a kind of application program detection method, terminal is applied to, institute
The method of stating includes:
Identification is present in the application program under the system directory of the terminal, is defined as the first application program;
According to the signing messages of first application program, first application program is grouped, generated
Band 1, the Band 1 includes at least one set of signature group, and signature group has uniquely with signing messages
Correspondence;
According to the set-up time of first application program, first application program is grouped, generated
Second group, second group includes at least one set of time group, and time group has uniquely with the set-up time
Correspondence;
Judge with the presence or absence of the first signature group for conforming to a predetermined condition in the Band 1, if it is, will
The first application program included by first signature group is defined as Virus, wherein, the predetermined condition
At least include:The first included application program can cover the first included application of at least one set of time group
Program.
Preferably, the predetermined condition also includes:The minimum number of included first application program;
The judgement whether there is the first signature group for conforming to a predetermined condition in the Band 1, including:
Judge in the Band 1, if there is the first included application program can cover at least one
First signature of the first included application program of group time group and the minimum number of included first application program
Group.
Preferably, the signature group of first application program includes:
The primary class signature group of system, hardware vendor's class signature group, equipment vendors' class signature group or application vendor label
Name group.
Preferably, the set-up time according to first application program, enters to first application program
Row packet, including:
According to the installed date of first application program, first application program is grouped.
Preferably, a kind of application program detection method that the embodiment of the present invention is provided, also includes:
After the first application program included by first signature group is defined as into Virus, output prompting letter
Breath, to point out the first application program included by the first signature group described in user to be defined as Virus.
Preferably, a kind of application program detection method that the embodiment of the present invention is provided, also includes:
After the first application program included by first signature group is defined as into Virus, system power is obtained
Limit, Virus described in forced unloading.
Second aspect, the embodiment of the present invention additionally provides a kind of application program detection means, is applied to terminal,
Described device includes:Determining module, the first grouping module, second packet module and judge module;
The determining module:For recognizing the application program being present under the system directory of the terminal, it is determined that
It is the first application program;
First grouping module:For the signing messages according to first application program, to described first
Application program is grouped, and generates Band 1, and the Band 1 includes at least one set of signature group, and signs
Name group has unique correspondence with signing messages;
The second packet module:For the set-up time according to first application program, to described first
Application program is grouped, and generates the second group, and second group includes at least one set of time group, and when
Between group with the set-up time there is unique correspondence;
The judge module:For judging in the Band 1 with the presence or absence of first for conforming to a predetermined condition
Signature group, if it is, the first application program included by first signature group is defined as Virus,
Wherein, the predetermined condition at least includes:The first included application program can cover at least one set of time
The first included application program of group.
Preferably, the predetermined condition also includes:The minimum number of included first application program;
The judge module specifically for:
Judge in the Band 1, if there is the first included application program can cover at least one
First signature of the first included application program of group time group and the minimum number of included first application program
Group.
Preferably, the signature group of first application program includes:
The primary class signature group of system, hardware vendor's class signature group, equipment vendors' class signature group or application vendor label
Name group.
Preferably, the second packet module specifically for:
According to the installed date of first application program, first application program is grouped.
Preferably, a kind of application program detection means that the embodiment of the present invention is provided, also including information output
Module;
The prompt message output module:For the judge module by included by first signature group
After one application program is defined as Virus, prompt message is exported, to point out the first signature group institute described in user
Including the first application program be defined as Virus.
Preferably, a kind of application program detection means that the embodiment of the present invention is provided, also including Unload module;
The Unload module:First included by first signature group is applied into journey for the judge module
After sequence is defined as Virus, System Privileges, Virus described in forced unloading are obtained.
The third aspect, the embodiment of the present invention additionally provides a kind of terminal, including:Housing, processor, storage
Device, circuit board and power circuit, wherein, circuit board is placed in the interior volume that housing is surrounded, processor and
Memory is set on circuit boards;Power circuit, powers for each circuit or device for terminal;Storage
Device is used to store executable program code;Processor is by reading the executable program code stored in memory
To run program corresponding with executable program code, for performing following steps:
Identification is present in the application program under the system directory of the terminal, is defined as the first application program;
According to the signing messages of first application program, first application program is grouped, generated
Band 1, the Band 1 includes at least one set of signature group, and signature group has uniquely with signing messages
Correspondence;
According to the set-up time of first application program, first application program is grouped, generated
Second group, second group includes at least one set of time group, and time group has uniquely with the set-up time
Correspondence;
Judge with the presence or absence of the first signature group for conforming to a predetermined condition in the Band 1, if it is, will
The first application program included by first signature group is defined as Virus, wherein, the predetermined condition
At least include:The first included application program can cover the first included application of at least one set of time group
Program.
In this programme, identification first is present in the first application program under the system directory of the terminal;So
Afterwards according to the signing messages of first application program, first application program is grouped, generation bag
The Band 1 of at least one set of signature group is included, wherein, signature group has unique correspondence with signing messages;According to
According to the set-up time of first application program, first application program is grouped, generation includes at least one
Second group of group time group, wherein, time group has unique correspondence with the set-up time;Judge this
With the presence or absence of the first signature group for conforming to a predetermined condition in one group, if it is, first signature group is wrapped
The first application program for including is defined as Virus, wherein, the predetermined condition at least includes:Included
One application program can cover the first included application program of at least one set of time group.It can be seen that, by we
Case can realize the identification of the Virus that terminal is installed on to " stealth ".Certainly, implement of the invention
Any product or method must be not necessarily required to while reaching all the above advantage.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to implementing
Example or the accompanying drawing to be used needed for description of the prior art are briefly described, it should be apparent that, describe below
In accompanying drawing be only some embodiments of the present invention, for those of ordinary skill in the art, do not paying
On the premise of going out creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of schematic flow sheet of application program detection method provided in an embodiment of the present invention;
Fig. 2 is a kind of another schematic flow sheet of application program detection method provided in an embodiment of the present invention;
Fig. 3 is a kind of another schematic flow sheet of application program detection method provided in an embodiment of the present invention;
Fig. 4 is a kind of structural representation of application program detection means provided in an embodiment of the present invention;
Fig. 5 is a kind of another structural representation of application program detection means provided in an embodiment of the present invention;
Fig. 6 is a kind of another structural representation of application program detection means provided in an embodiment of the present invention;
Fig. 7 is a kind of structural representation of terminal provided in an embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly
Chu, it is fully described by, it is clear that described embodiment is only a part of embodiment of the invention, rather than
Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creation
Property work under the premise of the every other embodiment that is obtained, belong to the scope of protection of the invention.
To solve prior art problem, a kind of application program detection method, device are the embodiment of the invention provides
And terminal, it is possible to achieve the identification of the Virus of terminal is installed on to " stealth ".
A kind of application program detection method for being provided the embodiment of the present invention first below is introduced.
It should be noted that a kind of application program detection method that the embodiment of the present invention is provided, can apply
In terminal, the terminal can be desktop computer, notebook computer, panel computer and smart mobile phone.No matter
The terminal in the case of connecting network or in the case of not connected network, can apply the present invention real
Apply the application program detection method that example is provided.
Also, realize that a kind of functional software of application program detection method that the embodiment of the present invention is provided can be with
It is special client software, or, or the existing client software that can detect Virus
Plug-in unit or antivirus client software plug-in unit, it is, of course, also possible to be the plug-in unit of the operating system based on terminal,
This is all rational.
As shown in figure 1, a kind of application program detection method provided in an embodiment of the present invention, the step can be wrapped
Include:
S101:Identification is present in the application program under the system directory of the terminal, is defined as the first application program;
It should be noted that being detected to the application program that the terminal is installed periodically or non-periodically, knows
It is not present in the application program under the system directory of the terminal, this is present under the system directory of the terminal
Application program is defined as the first application program, wherein, the detection that the application program installed to the terminal is carried out
Time can be functional software acquiescence detection time, or the time that user is voluntarily set.
Also, the specific implementation that identification is present in the application program under the system directory of the terminal can be adopted
With implementation present in prior art, do not limit herein.
S102:According to the signing messages of first application program, first application program is grouped, it is raw
Into Band 1, the Band 1 includes at least one set of signature group, and signature group has uniquely with signing messages
Correspondence;
It should be noted that for any operation system, such as android system, it is all to be installed to using the behaviour
Making the application program in the terminal of system must all have a digital certificate, and the digital certificate is used to identify the application
The source of program, and the trusting relationship set up between source and application program, being somebody's turn to do in the embodiment of the present invention
Signing messages is equal to digital certificate here.Meanwhile, the signing messages of the application program in different source is not
Together, the signing messages of the application program of same source is identical.
It is understood that in the signing messages according to first application program, entering to first application program
Row packet, during generation Band 1, can include at least one set of signature group, and signature group in the Band 1
There is unique correspondence with signing messages, i.e., for the signing messages and signature group, different signature group institutes
Corresponding signing messages is different, the signing messages of at least one first application programs included by each signature group
It is identical.
Specifically, the signature group of first application program can include:
The primary class signature group of system, hardware vendor's class signature group, equipment vendors' class signature group or application vendor label
Name group.
Wherein, for operating system is for the terminal of android system, the primary class signature group of its system is paddy
The song primary class signature groups of Google.Certainly, it is IOS systems or the end of windows systems for operating system
, there is the primary class signature group of the system corresponding to it at end, can correspond to for different operating system different
The primary class signature group of system, the embodiment of the present invention is not defined to the primary class signature group of system.
It should be noted that for the first application program, because the source of first application program is different,
Its corresponding signing messages is also different, and the source may be soft for the terminal hardware manufacturer, the terminal
Download of part manufacturer, the terminal sale businessman and the terminal user etc., it is possible that following situation:
It is included in the Band 1 of its generation when being grouped according to the signing messages of first application program
At least one signature group may be different;Certainly for same terminal different time according to first application program
Signing messages is grouped, and at least one included signature group is likely to difference in the Band 1 of its generation;
Signing messages of the embodiment of the present invention not to first application program is defined.
S103:According to the set-up time of first application program, first application program is grouped, it is raw
Into the second group, second group includes at least one set of time group, and time group has uniquely with the set-up time
Correspondence;
It should be noted that according to the set-up time of first application program, being carried out to first application program
It is grouped, generates the second group, second group can includes at least one set of time group, and time group and installation
Time has unique correspondence, i.e., for time group and set-up time, the peace corresponding to different time group
ETL estimated time of loading is different, and the set-up time of at least one first included application programs of each time group is identical.
Specifically, the set-up time according to first application program, is divided first application program
Group, can include:
According to the installed date of first application program, first application program is grouped.
It is understood that according to the set-up time of first application program, being carried out to first application program
Packet, can be according to the installed date of first application program, it is also possible to according to the essence of first application program
Really to the set-up time of hour, naturally it is also possible to time range is set, by the set-up time in same time range
The first application program be divided into one group, the embodiment of the present invention is not to first application program according to the set-up time
The specific packet situation of packet be defined.
S104:Judge with the presence or absence of the first signature group for conforming to a predetermined condition in the Band 1, if it is,
Step S105 is performed, if it is not, terminating flow;
Wherein, the predetermined condition at least includes:When the first included application program can cover at least one set
Between organize the first included application program;
S105:The first application program included by first signature group is defined as Virus.
For Virus, the signing messages of itself may be pretended or be modified as others by it when mounted
Signing messages, but all can be identical for its camouflage of the Virus of same alike result or the signing messages changed;
And can be installed on simultaneously in the terminal of its infection for the Virus of same alike result.
It is understood that the first application program included by first signature group is defined as Virus,
Can determine that the title of first application program (Virus), you can according to the first application program (disease
Malicious program) title, realize to the positioning of first application program (Virus).
It should be noted that judge with the presence or absence of the first signature group for conforming to a predetermined condition in the Band 1,
If it is, there is at least one set of signature group in proving the Band 1, at least one set of signature group meets default
Condition, this is pre-conditioned at least to include:The first included application program can at least one set of signature group
The first included application program of at least one set of time group of covering, at least one set of signature group is the first signature
Group, now, then can determine that the first application program included by first signature group is defined as Virus;
If it is not, then proving in the absence of the first pre-conditioned signature group is met, then to prove institute in all signature groups
Including the first application program all may be non-viral program, terminate flow.
For example, there are 3 signature groups of A, B, C in Band 1, wherein, wrapped in the A signature groups
The first application program a, b, c are included, the B signature groups include the first application program d, e, f, g, the C
Signature group includes the first application program h, m, n, o, p;When there is X, Y, Z 3 in the second group
Between group, the X signature groups include the first application program a, b, and the Y signature groups include the first application program
C, d, e, f, g, m, the Z signature groups include the first application program h, n, o, p;Understand, the A
Signature group include the first application program a, b, c cover the X signature groups include the first application program a,
B, it is determined that the A signature groups include that the first application program a, b, c are Virus.
In the scheme that the present embodiment is provided, identification first is present in the under the system directory of the terminal
One application program;Then according to the signing messages of first application program, first application program is entered
Row packet, generation includes the Band 1 of at least one set of signature group, wherein, signature group has with signing messages
Unique correspondence;According to the set-up time of first application program, first application program is grouped,
Generation includes the second group of at least one set of time group, wherein, time group has unique corresponding with the set-up time
Property;Judge with the presence or absence of the first signature group for conforming to a predetermined condition in the Band 1, if it is, should
The first application program included by first signature group is defined as Virus, wherein, the predetermined condition is at least wrapped
Include:The first included application program can cover the first included application program of at least one set of time group.
It can be seen that, can realize being installed on " stealth " identification of the Virus of terminal by this programme.
Further, in a practical situation, in the terminal, it is if being mounted with Virus, the disease
Compared with the application program of the non-viral program that the terminal is installed, its quantity can be relatively little for malicious program, and
If included signature group is relatively more in Band 1, with all of signature group in Band 1 and the
If all of time group is detected in two groups, it is necessary to time can be very long, in order to improve viral journey
The determination precision and saving detection time of sequence, the quantity of signature group present in Band 1 exceed
During given threshold, when determining the first signature group, the predetermined condition can also include:Included first applies journey
The minimum number of sequence;
Accordingly, the judgement whether there is the first signature group for conforming to a predetermined condition in the Band 1,
Can include:
Judge in the Band 1, if there is the first included application program can cover at least one set
First signature of the first included application program of time group and the minimum number of included first application program
Group.
For example, when the quantity of signature group included in Band 1 is less than a certain given threshold, sentence
Break in the Band 1 with the presence or absence of conform to a predetermined condition the first signature group when, the selected predetermined bar
Part can be:The first included application program can cover the first included application of at least one set of time group
Program;It is selected to be somebody's turn to do when the quantity of signature group included in Band 1 exceedes a certain given threshold
Predetermined condition can be:The first included application program can cover included the of at least one set of time group
The minimum number of one application program and included first application program.
Further, when the application program detection method that the application embodiment of the present invention is provided detects viral journey
After sequence, in order to preferably ensure the interests of user, after Virus is determined, carrying for correlation can be exported
Show information, be Virus to point out the user application program, so that user is operated accordingly, to this
Virus is processed, specifically, be based on step S101~step S105, as shown in Fig. 2 by this
After the first application program included by one signature group is defined as Virus, the embodiment of the present invention provided one
Planting application program detection method can also include:
S106:Output prompt message, to point out the first application program included by user first signature group true
It is set to Virus.
It should be noted that the prompt message can be auditory tone cues, can be pointed out for screen intensity, can be with
It is Word message prompting, prompting, etc. can also be redirected for interface, the embodiment of the present invention is not to the prompting
The prompting form of information is defined.
It is understood that output prompt message is applied with playing point out user to be classified as Virus first
The specific installation site of the title of program and the Virus, follow-up, user can believe for the prompting
Breath is operated accordingly to the Virus, wherein, the corresponding operation can be user manually to the disease
Malicious program carries out Force Deletion or unloading, and certain terminal can also carry out pressure and delete to the Virus automatically
Except or unloading, etc., this is all rational.
Further, based on step S101~step S105, as shown in figure 3, first signature group is wrapped
After the first application program for including is defined as Virus, the application program detection side that the embodiment of the present invention is provided
Method can also include:
S107:Obtain System Privileges, the forced unloading Virus.
Specifically, it is determined that the first application program included by first signature group for Virus after, can be with
Continue to take appropriate measures and the Virus deleted or unloaded from the terminal, then for this be difficult by
The application program deleted or unload, can obtain the System Privileges of the terminal, then the forced unloading disease first
Malicious program.It is understood that obtaining the tool of the System Privileges of the operating system of terminal in the embodiment of the present invention
Body implementation can be any one System Privileges acquisition modes of prior art, not limit herein.Lift
For example, the System Privileges can be root authority, wherein, after root authority is obtained, end can be controlled
Any object in end.
Corresponding to above method embodiment, as shown in figure 4, the embodiment of the present invention additionally provides one kind application journey
Sequence detection apparatus, the device can include:Determining module 401, the first grouping module 402, second packet mould
Block 403 and judge module 404;
The determining module 401:For recognizing the application program being present under the system directory of the terminal, it is defined as
First application program;
First grouping module 402:For the signing messages according to first application program, to first application
Program is grouped, and generates Band 1, and the Band 1 includes at least one set of signature group, and signature group with
Signing messages has unique correspondence;
The second packet module 403:For the set-up time according to first application program, to first application
Program is grouped, and generates the second group, and second group includes at least one set of time group, and time group and
Set-up time has unique correspondence;
The judge module 404:For judging in the Band 1 with the presence or absence of the first label for conforming to a predetermined condition
Name group, if it is, the first application program included by first signature group is defined as Virus, wherein,
The predetermined condition at least includes:It is included that the first included application program can cover at least one set of time group
The first application program.
Using the embodiment of the present invention, recognize that be present under the system directory of the terminal first applies journey first
Sequence;According to the signing messages of first application program, first application program is grouped, generated
Band 1 including at least one set of signature group, signature group has unique correspondence with signing messages;Foundation should
The set-up time of the first application program, first application program is grouped, when generation includes at least one set
Between the second group for organizing, time group and set-up time have unique correspondence;Judge be in the Band 1
It is no to there is the first signature group for conforming to a predetermined condition, if it is, first in first signature group is applied into journey
Sequence is defined as Virus, and the predetermined condition at least includes:The first included application program can cover to
The first included application program of few one group of time group, it is possible to achieve the virus of terminal is installed on to " stealth "
The identification of program.
Specifically, the predetermined condition also includes:The minimum number of included first application program;
The judge module 404 specifically for:
Judge in the Band 1, if there is the first included application program can cover at least one set
First signature of the first included application program of time group and the minimum number of included first application program
Group.
Specifically, the signature group of first application program can include:
The primary class signature group of system, hardware vendor's class signature group, equipment vendors' class signature group or application vendor label
Name group.
Specifically, the second packet module specifically for:
According to the installed date of first application program, first application program is grouped.
Further, as shown in figure 5, a kind of application program detection means that the embodiment of the present invention is provided may be used also
With including prompt message output module 405;
The prompt message output module 405:For the judge module 404 by included by first signature group
After one application program is defined as Virus, prompt message is exported, to point out the first signature group institute described in user
Including the first application program be defined as Virus.
Further, as shown in fig. 6, a kind of application program detection means that the embodiment of the present invention is provided may be used also
With including Unload module 406;
The Unload module 406:First included by first signature group is applied into journey for the judge module 404
After sequence is defined as Virus, System Privileges, the forced unloading Virus are obtained.
In addition, the embodiment of the present invention additionally provides a kind of terminal, as shown in fig. 7, the terminal can include:Shell
Body 701, processor 702, memory 703, circuit board 704 and power circuit 705, wherein, circuit board 704
The interior volume that housing 701 is surrounded is placed in, processor 702 and memory 703 are arranged on circuit board 704;
Power circuit 705, powers for each circuit or device for terminal;Memory 703 is used to store executable
Program code;Processor 702 run by reading the executable program code stored in memory 703 with can
The corresponding program of configuration processor code, for performing following steps:
Identification is present in the application program under the system directory of the terminal, is defined as the first application program;
According to the signing messages of first application program, first application program is grouped, generation first
Group, the Band 1 includes at least one set of signature group, and signature group has unique correspondence with signing messages;
According to the set-up time of first application program, first application program is grouped, generation second
Group, second group includes at least one set of time group, and time group has unique correspondence with the set-up time;
Judge with the presence or absence of the first signature group for conforming to a predetermined condition in the Band 1, if it is, should
The first application program included by first signature group is defined as Virus, wherein, the predetermined condition is at least wrapped
Include:The first included application program can cover the first included application program of at least one set of time group.
Processor 702 is to the specific implementation procedure and processor 702 of above-mentioned steps by running executable program
The step of code is further to perform, may refer to the description of Fig. 1-6 illustrated embodiments of the present invention, herein no longer
Repeat.
Using the embodiment of the present invention, recognize that be present under the system directory of the terminal first applies journey first
Sequence;According to the signing messages of first application program, first application program is grouped, generated
Band 1 including at least one set of signature group, signature group has unique correspondence with signing messages;Foundation should
The set-up time of the first application program, first application program is grouped, when generation includes at least one set
Between the second group for organizing, time group and set-up time have unique correspondence;Judge be in the Band 1
It is no to there is the first signature group for conforming to a predetermined condition, if it is, first in first signature group is applied into journey
Sequence is defined as Virus, and the predetermined condition at least includes:The first included application program can cover to
The first included application program of few one group of time group, it is possible to achieve the virus of terminal is installed on to " stealth "
The identification of program.
The terminal exists in a variety of forms, including but not limited to:
(1) mobile communication equipment:The characteristics of this kind equipment is that possess mobile communication function, and with provide speech,
Data communication is main target.This Terminal Type includes:Smart mobile phone (such as iPhone), multimedia handset,
Feature mobile phone, and low-end mobile phone etc..
(2) super mobile personal computer equipment:This kind equipment belongs to the category of personal computer, has calculating and locates
Reason function, typically also possesses mobile Internet access characteristic.This Terminal Type includes:PDA, MID and UMPC equipment
Deng such as iPad.
(3) portable entertainment device:This kind equipment can show and play content of multimedia.The kind equipment includes:
Audio, video player (such as iPod), handheld device, e-book, and intelligent toy and portable
In-vehicle navigation apparatus.
(4) server:The equipment that the service of calculating is provided, the composition of server include processor, hard disk, internal memory,
System bus etc., server is similar with general computer architecture, but due to needing to provide highly reliable clothes
Business, therefore at aspects such as disposal ability, stability, reliability, security, scalability, manageabilitys
It is required that higher.
(5) other have the electronic installation of data interaction function.
For device and terminal embodiment, because it is substantially similar to embodiment of the method, so description
It is fairly simple, the relevent part can refer to the partial explaination of embodiments of method.
It should be noted that herein, such as first and second or the like relational terms be used merely to by
One entity or operation make a distinction with another entity or operation, and not necessarily require or imply these
There is any this actual relation or order between entity or operation.And, term " including ", "comprising"
Or any other variant thereof is intended to cover non-exclusive inclusion, so that a series of mistake including key elements
Journey, method, article or equipment not only include those key elements, but also other including being not expressly set out
Key element, or it is this process, method, article or the intrinsic key element of equipment also to include.Do not having
In the case of more limitations, the key element limited by sentence "including a ...", it is not excluded that wanted including described
Also there is other identical element in process, method, article or the equipment of element.
One of ordinary skill in the art will appreciate that realizing all or part of step in above method implementation method
Program be can be by instruct the hardware of correlation to complete, described program can be stored in computer-readable
In taking storage medium, storage medium designated herein, such as:ROM/RAM, magnetic disc, CD etc..
Presently preferred embodiments of the present invention is the foregoing is only, is not intended to limit the scope of the present invention.
All any modification, equivalent substitution and improvements made within the spirit and principles in the present invention etc., are all contained in
In protection scope of the present invention.
Claims (10)
1. a kind of application program detection method, it is characterised in that be applied to terminal, methods described includes:
Identification is present in the application program under the system directory of the terminal, is defined as the first application program;
According to the signing messages of first application program, first application program is grouped, generated
Band 1, the Band 1 includes at least one set of signature group, and signature group has uniquely with signing messages
Correspondence;
According to the set-up time of first application program, first application program is grouped, generated
Second group, second group includes at least one set of time group, and time group has uniquely with the set-up time
Correspondence;
Judge with the presence or absence of the first signature group for conforming to a predetermined condition in the Band 1, if it is, will
The first application program included by first signature group is defined as Virus, wherein, the predetermined condition
At least include:The first included application program can cover the first included application of at least one set of time group
Program.
2. method according to claim 1, it is characterised in that the predetermined condition also includes:Wrapped
Include the minimum number of the first application program;
The judgement whether there is the first signature group for conforming to a predetermined condition in the Band 1, including:
Judge in the Band 1, if there is the first included application program can cover at least one
First signature of the first included application program of group time group and the minimum number of included first application program
Group.
3. method according to claim 1 and 2, it is characterised in that the signature of first application program
Group includes:
The primary class signature group of system, hardware vendor's class signature group, equipment vendors' class signature group or application vendor label
Name group.
4. method according to claim 1 and 2, it is characterised in that described to apply journey according to described first
The set-up time of sequence, first application program is grouped, including:
According to the installed date of first application program, first application program is grouped.
5. method according to claim 1 and 2, it is characterised in that also include:
After the first application program included by first signature group is defined as into Virus, output prompting letter
Breath, to point out the first application program included by the first signature group described in user to be defined as Virus.
6. method according to claim 1 and 2, it is characterised in that also include:
After the first application program included by first signature group is defined as into Virus, system power is obtained
Limit, Virus described in forced unloading.
7. a kind of application program detection means, it is characterised in that be applied to terminal, described device includes:Really
Cover half block, the first grouping module, second packet module and judge module;
The determining module:For recognizing the application program being present under the system directory of the terminal, it is determined that
It is the first application program;
First grouping module:For the signing messages according to first application program, to described first
Application program is grouped, and generates Band 1, and the Band 1 includes at least one set of signature group, and signs
Name group has unique correspondence with signing messages;
The second packet module:For the set-up time according to first application program, to described first
Application program is grouped, and generates the second group, and second group includes at least one set of time group, and when
Between group with the set-up time there is unique correspondence;
The judge module:For judging in the Band 1 with the presence or absence of first for conforming to a predetermined condition
Signature group, if it is, the first application program included by first signature group is defined as Virus,
Wherein, the predetermined condition at least includes:The first included application program can cover at least one set of time
The first included application program of group.
8. device according to claim 7, it is characterised in that the predetermined condition also includes:Wrapped
Include the minimum number of the first application program;
The judge module specifically for:
Judge in the Band 1, if there is the first included application program can cover at least one
First signature of the first included application program of group time group and the minimum number of included first application program
Group.
9. the device according to claim 7 or 8, it is characterised in that the signature of first application program
Group includes:
The primary class signature group of system, hardware vendor's class signature group, equipment vendors' class signature group or application vendor label
Name group.
10. a kind of terminal, it is characterised in that including:Housing, processor, memory, circuit board and electricity
Source circuit, wherein, circuit board is placed in the interior volume that housing is surrounded, and processor and memory are arranged on electricity
On the plate of road;Power circuit, powers for each circuit or device for terminal;Memory is used to store and can hold
Line program code;Processor runs and can perform by reading the executable program code stored in memory
The corresponding program of program code, for performing following steps:
Identification is present in the application program under the system directory of the terminal, is defined as the first application program;
According to the signing messages of first application program, first application program is grouped, generated
Band 1, the Band 1 includes at least one set of signature group, and signature group has uniquely with signing messages
Correspondence;
According to the set-up time of first application program, first application program is grouped, generated
Second group, second group includes at least one set of time group, and time group has uniquely with the set-up time
Correspondence;
Judge with the presence or absence of the first signature group for conforming to a predetermined condition in the Band 1, if it is, will
The first application program included by first signature group is defined as Virus, wherein, the predetermined condition
At least include:The first included application program can cover the first included application of at least one set of time group
Program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511021184.0A CN106934284B (en) | 2015-12-30 | 2015-12-30 | Application program detection method and device and terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511021184.0A CN106934284B (en) | 2015-12-30 | 2015-12-30 | Application program detection method and device and terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106934284A true CN106934284A (en) | 2017-07-07 |
CN106934284B CN106934284B (en) | 2020-02-11 |
Family
ID=59442541
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511021184.0A Active CN106934284B (en) | 2015-12-30 | 2015-12-30 | Application program detection method and device and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106934284B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102222183A (en) * | 2011-04-28 | 2011-10-19 | 奇智软件(北京)有限公司 | Mobile terminal software package safety detection method and system thereof |
CN102799824A (en) * | 2012-07-13 | 2012-11-28 | 珠海市君天电子科技有限公司 | Method and system for defending virus file with digital signature information |
CN103150510A (en) * | 2013-03-18 | 2013-06-12 | 珠海市君天电子科技有限公司 | Method and device for processing malicious behaviors of software |
CN103500311A (en) * | 2013-09-30 | 2014-01-08 | 北京金山网络科技有限公司 | Software testing method and system |
WO2014039455A1 (en) * | 2012-09-05 | 2014-03-13 | Symantec Corporation | Systems and methods for detecting illegitimate applications |
CN103646209A (en) * | 2013-12-20 | 2014-03-19 | 北京奇虎科技有限公司 | Cloud-security-based bundled software blocking method and device |
CN104462974A (en) * | 2014-12-19 | 2015-03-25 | 北京奇虎科技有限公司 | Program clearing method, device and system |
CN104680084A (en) * | 2015-03-20 | 2015-06-03 | 北京瑞星信息技术有限公司 | Method and system for protecting user privacy in computer |
CN104766008A (en) * | 2014-01-07 | 2015-07-08 | 腾讯科技(深圳)有限公司 | Application program installation package safety detection method and server |
CN104933364A (en) * | 2015-07-08 | 2015-09-23 | 中国科学院信息工程研究所 | Automatic malicious code homology judgment method and system based on calling behaviors |
-
2015
- 2015-12-30 CN CN201511021184.0A patent/CN106934284B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102222183A (en) * | 2011-04-28 | 2011-10-19 | 奇智软件(北京)有限公司 | Mobile terminal software package safety detection method and system thereof |
CN102799824A (en) * | 2012-07-13 | 2012-11-28 | 珠海市君天电子科技有限公司 | Method and system for defending virus file with digital signature information |
WO2014039455A1 (en) * | 2012-09-05 | 2014-03-13 | Symantec Corporation | Systems and methods for detecting illegitimate applications |
CN103150510A (en) * | 2013-03-18 | 2013-06-12 | 珠海市君天电子科技有限公司 | Method and device for processing malicious behaviors of software |
CN103500311A (en) * | 2013-09-30 | 2014-01-08 | 北京金山网络科技有限公司 | Software testing method and system |
CN103646209A (en) * | 2013-12-20 | 2014-03-19 | 北京奇虎科技有限公司 | Cloud-security-based bundled software blocking method and device |
CN104766008A (en) * | 2014-01-07 | 2015-07-08 | 腾讯科技(深圳)有限公司 | Application program installation package safety detection method and server |
CN104462974A (en) * | 2014-12-19 | 2015-03-25 | 北京奇虎科技有限公司 | Program clearing method, device and system |
CN104680084A (en) * | 2015-03-20 | 2015-06-03 | 北京瑞星信息技术有限公司 | Method and system for protecting user privacy in computer |
CN104933364A (en) * | 2015-07-08 | 2015-09-23 | 中国科学院信息工程研究所 | Automatic malicious code homology judgment method and system based on calling behaviors |
Also Published As
Publication number | Publication date |
---|---|
CN106934284B (en) | 2020-02-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105593868B (en) | Fingerprint identification method and device and mobile terminal | |
CN101430745B (en) | Digital rights management method and apparatus of mobile terminal | |
CN109564598B (en) | Terminal detection method and terminal | |
CN102404706B (en) | Method for managing tariff safety and mobile terminal | |
CN105407453A (en) | Bluetooth pairing method and device | |
CN104951685A (en) | Method and mobile terminal for running application programs | |
CN104184587A (en) | Voiceprint generation method, voiceprint generation server, client and voiceprint generation system | |
CN104125216A (en) | Method, system and terminal capable of improving safety of trusted execution environment | |
CN106778283A (en) | A kind of guard method of system partitioning critical data and system | |
CN105024986A (en) | Account login method, device and system | |
CN106934277A (en) | Application program detection method and device and terminal | |
CN107729764A (en) | Guard method, device, storage medium and the electronic equipment of sensitive information | |
CN105809471A (en) | Method and device for acquiring user attribute and electronic equipment | |
CN106155753A (en) | A kind of application program installation method, device and terminal | |
CN104683299A (en) | Control method for software registration, authentication server and terminal | |
US7437563B2 (en) | Software integrity test | |
CN103034810B (en) | A kind of detection method, device and electronic equipment | |
CN104899488B (en) | Numeric value transfer and device | |
CN106934284A (en) | Application program detection method and device and terminal | |
CN106372466A (en) | License burning and processing method and device of WIFI module | |
CN105049473A (en) | Application upgrading method and system | |
CN106055615A (en) | Method, device and system for obtaining music information | |
CN105787302B (en) | A kind of processing method of application program, device and electronic equipment | |
CN104102538A (en) | Information processing method and electronic equipment | |
CN104679785B (en) | Method and device for distinguishing software types |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |