CN107563188B - Application security evaluation method and device and computer storage medium - Google Patents
Application security evaluation method and device and computer storage medium Download PDFInfo
- Publication number
- CN107563188B CN107563188B CN201710817529.6A CN201710817529A CN107563188B CN 107563188 B CN107563188 B CN 107563188B CN 201710817529 A CN201710817529 A CN 201710817529A CN 107563188 B CN107563188 B CN 107563188B
- Authority
- CN
- China
- Prior art keywords
- application
- risk level
- operation behavior
- evaluated
- evaluating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a safety evaluation method of an application, which comprises the following steps: acquiring all operation behaviors of an application to be evaluated, and evaluating the risk level of each operation behavior; and summing the risk levels of the operation behaviors to obtain the risk level of the application to be evaluated. The invention also discloses a device of the application safety evaluation method, which can comprehensively and accurately evaluate the safety of the application used by the user.
Description
Technical Field
The invention relates to the field of software development and application, in particular to a method and a device for evaluating the safety of application and a computer storage medium.
Background
With the continuous development and progress of science and technology, the application of apps has become an essential tool in people's life. The application app is needed at any time in life and work, and the use of the app also relates to various information and privacy of people, such as: the geographic location of the user can be determined through the app, various social tool account numbers, bank card numbers, transaction information and the like are saved in the app, and therefore, the use safety of the app becomes a concern.
In order to determine whether an application downloaded by a user is secure, it is typically checked whether the application has access to secure data, or the number of times a secure event has been accessed, etc. The safety evaluation for the application is generally to evaluate the safety level of the application according to whether the execution event of a certain function or the execution events of several functions of the application are safe, and such evaluation is not comprehensive and accurate enough and is easy to miss or mistake.
Disclosure of Invention
The invention mainly aims to provide a method and a device for evaluating the safety of an application and a computer storage medium, and aims to solve the technical problems that the traditional evaluation application safety is not comprehensive and accurate enough and is easy to miss or mistake.
In order to achieve the above object, the present invention provides a method, an apparatus and a computer storage medium for evaluating the security of an application, wherein the method for evaluating the security of the application comprises the steps of:
acquiring all operation behaviors of an application to be evaluated, and evaluating the risk level of each operation behavior;
and summing the risk levels of the operation behaviors to obtain the risk level of the application to be evaluated.
Preferably, the step of obtaining all the operation behaviors of the application to be evaluated and evaluating the risk level of each operation behavior further includes:
when the application downloading operation is detected, taking the currently downloaded application as the application to be evaluated;
and when the downloading of the application to be evaluated is finished, executing the step of acquiring all operation behaviors of the application to be evaluated.
Preferably, the step of obtaining all the operation behaviors of the application to be evaluated and evaluating the risk level of each operation behavior includes:
obtaining the stored risk levels of the operation behaviors in a preset number, and storing the risk levels of the operation behaviors after evaluating the risk levels of the operation behaviors;
respectively averaging the risk levels of the operation behaviors;
and taking the average value as the risk level of each operation behavior.
Preferably, the step of evaluating the risk level of each operational behavior comprises:
and acquiring the risk level of each operation behavior according to a preset mapping relation between the operation behavior and the risk level.
Preferably, after the step of obtaining the risk level of each operation behavior according to the preset operation behavior and risk level mapping relationship table, the step of evaluating the risk level of each operation behavior further includes:
acquiring the use frequency of each operation behavior of a user in a preset time interval;
correcting the risk level of each operation behavior according to the use frequency;
and taking the corrected risk level as the risk level of each operation behavior.
Preferably, after the step of obtaining the risk level of each operation behavior according to the preset mapping relationship between the operation behavior and the risk level, the step of evaluating the risk level of each operation behavior further includes:
when a modification instruction of the risk level of the operation behavior is received, the operation behavior and the risk level corresponding to the modification instruction are obtained, and the risk level obtained based on the modification instruction is used as the risk level of the operation behavior.
In addition, in order to achieve the above object, the present invention further provides a device of a method for evaluating the security of an application, the device of the method for evaluating the security of an application includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the computer program implements the steps of the method as described above when executed by the processor.
In addition, to achieve the above object, the present invention further provides a computer-readable storage medium, on which a security evaluation program of an application is stored, and the security evaluation program of the application, when executed by a processor, implements the steps of the security evaluation method of the application as described above.
According to the application safety evaluation method, device and computer storage medium, the risk level of the application to be evaluated is obtained by obtaining all operation behaviors of the application to be evaluated, evaluating the risk level of each operation behavior, and summing the risk levels of each operation behavior. The safety of the application used by the user can be comprehensively and accurately evaluated.
Drawings
Fig. 1 is a schematic terminal structure diagram of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart diagram of a first embodiment of a security evaluation method applied in the present invention;
FIG. 3 is a schematic flow chart of a second embodiment of a security evaluation method applied in the present invention;
FIG. 4 is a schematic flow chart of a third embodiment of a security evaluation method applied in the present invention;
FIG. 5 is a schematic flow chart diagram illustrating a fourth embodiment of a security evaluation method applied in the present invention;
FIG. 6 is a schematic flow chart diagram illustrating a fifth embodiment of a security evaluation method applied in the present invention;
FIG. 7 is a flowchart illustrating a sixth embodiment of a security evaluation method applied in the present invention;
the implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows:
acquiring all operation behaviors of an application to be evaluated, and evaluating the risk level of each operation behavior;
and summing the risk levels of the operation behaviors to obtain the risk level of the application to be evaluated.
In the prior art, the security evaluation for the application is generally to evaluate the security level of the application according to whether an execution event of a certain function or execution events of certain functions of the application are secure, and such evaluation manner is not comprehensive and accurate enough and is easy to miss or mistake.
The invention provides a solution, which is characterized in that the risk level of the application to be evaluated is obtained by acquiring all operation behaviors of the application to be evaluated, evaluating the risk level of each operation behavior and summing the risk levels of each operation behavior. The safety of the application used by the user can be comprehensively and accurately evaluated.
As shown in fig. 1, fig. 1 is a schematic terminal structure diagram of a hardware operating environment according to an embodiment of the present invention.
The terminal of the embodiment of the invention can be a smart phone, and can also be terminal equipment such as a PC, a tablet computer, a television and the like which are used in a network and are provided with various application programs.
As shown in fig. 1, the terminal may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the terminal structure shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a security evaluation program of an application.
In the terminal shown in fig. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; and the processor 1001 may be configured to call the security evaluation program of the application stored in the memory 1005, and perform the following operations:
acquiring all operation behaviors of an application to be evaluated, and evaluating the risk level of each operation behavior;
and summing the risk levels of the operation behaviors to obtain the risk level of the application to be evaluated.
Further, the processor 1001 may call a program of a security evaluation method of an application stored in the memory 1004, and further perform the following operations:
when the application downloading operation is detected, taking the currently downloaded application as the application to be evaluated;
and when the downloading of the application to be evaluated is finished, executing the step of acquiring all operation behaviors of the application to be evaluated.
Further, the processor 1001 may call a program of a security evaluation method of an application stored in the memory 1004, and further perform the following operations:
obtaining the stored risk levels of the operation behaviors in a preset number, and storing the risk levels of the operation behaviors after evaluating the risk levels of the operation behaviors;
respectively averaging the risk levels of the operation behaviors;
and taking the average value as the risk level of each operation behavior.
Further, the processor 1001 may call a program of a security evaluation method of an application stored in the memory 1004, and further perform the following operations:
and acquiring the risk level of each operation behavior according to a preset mapping relation between the operation behavior and the risk level.
Further, the processor 1001 may call a program of a security evaluation method of an application stored in the memory 1004, and further perform the following operations:
acquiring the use frequency of each operation behavior of a user in a preset time interval;
correcting the risk level of each operation behavior according to the use frequency;
and taking the corrected risk level as the risk level of each operation behavior.
Further, the processor 1001 may call a program of a security evaluation method of an application stored in the memory 1004, and further perform the following operations:
when a modification instruction of the risk level of the operation behavior is received, the operation behavior and the risk level corresponding to the modification instruction are obtained, and the risk level obtained based on the modification instruction is used as the risk level of the operation behavior.
Referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of a security evaluation method and device applied in the present invention;
the embodiment provides a method and a device for evaluating the safety of an application, and the method and the device for evaluating the safety of the application comprise the following steps:
step S10, acquiring all operation behaviors of the application to be evaluated, and evaluating the risk level of each operation behavior;
when the application to be evaluated is downloaded and installed, all operation behaviors of the application to be evaluated are determined by scanning and detecting a function list or an interface list of the application to be evaluated, and the risk level of the application is evaluated according to each operation behavior of the application. The risk level for evaluating each operation behavior is determined by a preset operation behavior and risk level mapping table, but later, the risk level can be improved according to the use condition of the user for the operation behavior of the application, such as an operation behavior with a high use frequency of the user, an operation behavior related to the personal privacy of the user, or an operation behavior related to the transaction payment of the user. In addition, the user can also modify the risk level of the operation behavior of the application by himself.
And step S20, summing the risk levels of the operation behaviors to obtain the risk level of the application to be evaluated.
And when the risk level of each operation behavior is obtained, adding and summing the risk levels of each operation behavior to obtain the risk level of the application to be evaluated. The summation set forth herein is one way, and may also be a weighted summation, and other calculation ways involving using the risk level of each operation behavior to obtain the risk level of the application to be evaluated are not listed here.
The application security evaluation method provided by this embodiment evaluates the risk level of each operation behavior by acquiring all operation behaviors of the application to be evaluated, and sums the risk levels of each operation behavior to obtain the risk level of the application to be evaluated. The safety of the application used by the user can be comprehensively and accurately evaluated.
Further, referring to fig. 3, a second embodiment of the safety evaluation method applied in the present invention is proposed based on the first embodiment, in this embodiment, before the step S10, the method further includes:
step S30, when the application downloading operation is detected, the application downloaded at present is taken as the application to be evaluated;
step S10, when the downloading of the application to be evaluated is completed, executing the step of acquiring all operation behaviors of the application to be evaluated.
In the technical scheme disclosed in the embodiment, when the downloading of the application to be evaluated is completed, the safety evaluation of the application is started, so that whether the downloaded application is safe or not can be known before the user uses the application, and the trouble of the user in using the unsafe application to work or life is avoided.
Further, the time for performing the safety evaluation on the application may also be the time when the terminal of the user is idle, or the time set by the user, or the time for receiving the evaluation instruction, and the evaluation time may not be specifically limited.
Further, referring to fig. 4, a third embodiment of the safety evaluation method applied in the present invention is proposed based on the first embodiment, in this embodiment, the step S10 includes:
step S40, obtaining the stored risk level of each operation behavior with preset quantity, and storing the risk level of the operation behavior after evaluating the risk level of each operation behavior;
step S50, averaging the risk levels of each operation behavior;
in step S60, the average value is used as the risk level of each operation behavior.
In the technical scheme disclosed in this embodiment, the latest N times of evaluation data using the current time point as the start date is taken, and the risk levels of each operation behavior obtained by the latest N times of evaluation are respectively averaged to obtain a more accurate risk level of each operation behavior in the current period of time. The average value is only one of the modes, and the weight distribution of the results of the latest N times of evaluation can be also used, for example, the risk level with higher weight is obtained when the evaluation is closer to the current time, or the lowest value and the highest value in the latest N times of evaluation can be removed, and then the modes of averaging and the like are adopted, so that the recent data can be correlated, and the influence of the more distant historical data on the existing results can be abandoned, so that the risk level of each operation behavior obtained by evaluation is more accurate, and the more accurate and comprehensive risk level of the application to be evaluated is obtained for the follow-up.
Further, referring to fig. 5, a fourth embodiment of the safety evaluation method applied in the present invention is proposed based on the first embodiment, in this embodiment, the step S10 includes:
and step S70, acquiring the risk level of each operation behavior according to the preset mapping relation between the operation behavior and the risk level.
In the technical scheme disclosed in this embodiment, the evaluation of the risk level of each operation behavior is realized through a preset mapping relation table of the operation behavior and the risk level, the risk level of each operation behavior can be obtained by directly obtaining data from a background, the operation is simple and visual, and the data is reliable and safe.
Further, if the operation behavior of the application is not in the preset operation behavior and risk level mapping relationship table, the risk level corresponding to the operation behavior may be obtained from the background server as a reference value, the preset operation behavior and risk level mapping relationship table is refreshed, the operation behavior and the risk level thereof are added to the mapping relationship table, and when the application is evaluated safely, the refreshed mapping relationship table is obtained to obtain the risk level of the operation behavior. Therefore, the risk level of the required operation behavior is obtained from the preset mapping relation table of the operation behavior and the risk level, the safety evaluation of the subsequent application is more accurate, and the condition of omission or error is avoided.
Further, referring to fig. 6, a fifth embodiment of the safety evaluation method applied in the present invention is proposed based on the fourth embodiment, in this embodiment, after the step S70, the step S10 further includes:
step S80, obtaining the use frequency of each operation behavior by the user in a preset time interval;
step S90, correcting the risk level of each operation behavior according to the use frequency;
and step S100, taking the corrected risk level as the risk level of each operation behavior.
In the technical scheme disclosed in this embodiment, a background counts the use condition of each operation behavior of a user within a preset time interval, and through data analysis, the preference of the user, the operation behavior frequently used by the user, or the operation behavior with higher safety requirement for the user can be known, and the risk level of the related operation behavior is improved based on the analysis result, so that the personal information of the user is more comprehensively protected by the operation to improve the application safety, and the condition that the default risk level of the system cannot meet the user requirement is avoided.
Further, referring to fig. 7, a sixth embodiment of the safety evaluation method applied in the present invention is proposed based on the fourth or fifth embodiment, in this embodiment, after the step S70, the step S10 further includes:
step S110, when receiving a modification instruction of the risk level of the operation behavior, acquiring the operation behavior and the risk level corresponding to the modification instruction, and taking the risk level obtained based on the modification instruction as the risk level of the operation behavior.
In the technical scheme disclosed in this embodiment, in the process of using the application by the user, the risk level can be modified by the user according to the security requirement of the corresponding operation behavior, and the modified risk level is used as the risk level of the operation behavior to participate in subsequent security evaluation of the application. Therefore, the whole scheme is more comprehensive and accurate, and the user requirements are better met.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be substantially or partially embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk), and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a cloud server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (5)
1. A safety evaluation method of an application is characterized by comprising the following steps: acquiring all operation behaviors of an application to be evaluated, and evaluating the risk level of each operation behavior;
summing the risk levels of the operation behaviors to obtain the risk level of the application to be evaluated;
wherein the step of evaluating the risk level of each operational behavior comprises:
acquiring the risk level of each operation behavior according to a preset mapping relation between the operation behavior and the risk level;
when a modification instruction of the risk level of an operation behavior is received, the operation behavior and the risk level corresponding to the modification instruction are obtained, and the risk level obtained based on the modification instruction is used as the risk level of the operation behavior;
acquiring the use frequency of each operation behavior of a user in a preset time interval;
correcting the risk level of each operation behavior according to the use frequency;
and taking the corrected risk level as the risk level of each operation behavior.
2. The method for evaluating the safety of an application according to claim 1, wherein the step of obtaining all the operation behaviors of the application to be evaluated and evaluating the risk level of each operation behavior further comprises:
when the application downloading operation is detected, taking the currently downloaded application as the application to be evaluated;
and when the downloading of the application to be evaluated is finished, executing the step of acquiring all operation behaviors of the application to be evaluated.
3. The method for evaluating the safety of the application according to claim 1, wherein the step of obtaining all the operation behaviors of the application to be evaluated and evaluating the risk level of each operation behavior comprises:
obtaining the stored risk levels of the operation behaviors in a preset number, and storing the risk levels of the operation behaviors after evaluating the risk levels of the operation behaviors;
respectively averaging the risk levels of the operation behaviors;
and taking the average value as the risk level of each operation behavior.
4. An apparatus for a method for security evaluation of an application, the apparatus comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method according to any one of claims 1 to 3.
5. A computer-readable storage medium, on which a security evaluation program of an application is stored, which when executed by a processor implements the steps of the method for evaluating the security of an application according to any one of claims 1 to 3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710817529.6A CN107563188B (en) | 2017-09-08 | 2017-09-08 | Application security evaluation method and device and computer storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710817529.6A CN107563188B (en) | 2017-09-08 | 2017-09-08 | Application security evaluation method and device and computer storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107563188A CN107563188A (en) | 2018-01-09 |
| CN107563188B true CN107563188B (en) | 2022-01-25 |
Family
ID=60980528
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710817529.6A Active CN107563188B (en) | 2017-09-08 | 2017-09-08 | Application security evaluation method and device and computer storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107563188B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109471804A (en) * | 2018-11-14 | 2019-03-15 | 苏州科达科技股份有限公司 | Application detection method, device and storage medium in iOS |
| CN110223140A (en) * | 2019-05-24 | 2019-09-10 | 深圳市彬讯科技有限公司 | A kind of network order competitive tender method, apparatus, computer equipment and storage medium |
| CN110472162B (en) * | 2019-08-20 | 2024-03-08 | 深圳前海微众银行股份有限公司 | Evaluation method, system, terminal and readable storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103927485A (en) * | 2014-04-24 | 2014-07-16 | 东南大学 | Android application program risk assessment method based on dynamic monitoring |
| CN105740715A (en) * | 2016-01-29 | 2016-07-06 | 广东欧珀移动通信有限公司 | Safety assessment method and terminal equipment |
-
2017
- 2017-09-08 CN CN201710817529.6A patent/CN107563188B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103927485A (en) * | 2014-04-24 | 2014-07-16 | 东南大学 | Android application program risk assessment method based on dynamic monitoring |
| CN105740715A (en) * | 2016-01-29 | 2016-07-06 | 广东欧珀移动通信有限公司 | Safety assessment method and terminal equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107563188A (en) | 2018-01-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109901881B (en) | Plug-in loading method and device of application program, computer equipment and storage medium | |
| CN107563188B (en) | Application security evaluation method and device and computer storage medium | |
| CN109688183B (en) | Group control equipment identification method, device, equipment and computer readable storage medium | |
| CN104978180B (en) | Unprocessed event prompting method and device and mobile terminal | |
| CN110502514B (en) | Data acquisition method, device, equipment and computer readable storage medium | |
| US20130036166A1 (en) | Systems and methods for sharing group status within a social network | |
| CN105988836A (en) | Application recommendation method and device | |
| EP3021250B1 (en) | Electronic device and method for suggesting response manual in occurrence of denial | |
| CN109710510B (en) | Code submitting method, device, equipment and readable storage medium | |
| CN107908956B (en) | Resource access request monitoring method and device and readable storage medium | |
| CN108197958B (en) | Method and device for counting off-line cattle and storage medium | |
| CN107920383B (en) | Wireless hotspot connection method, mobile terminal and computer-readable storage medium | |
| CN105447384B (en) | A kind of anti-method monitored, system and mobile terminal | |
| US7778660B2 (en) | Mobile communications terminal, information transmitting system and information receiving method | |
| CN109600738B (en) | User information updating method, device, equipment and storage medium | |
| CN106302821B (en) | Data request method and equipment thereof | |
| CN113076529B (en) | Access control method, device, computer readable storage medium and equipment | |
| CN107968799B (en) | Information acquisition method, terminal equipment and system | |
| CN115062304A (en) | Risk identification method and device, electronic equipment and readable storage medium | |
| CN114237794A (en) | Application available time duration display method, device, equipment and storage medium | |
| CN108805512A (en) | A kind of attendance information recording method and its equipment, system | |
| CN108471635B (en) | Method and apparatus for connecting wireless access points | |
| CN107330051B (en) | Noise reduction database calling method and device | |
| CN112291786A (en) | Wireless access point control method, computer device, and storage medium | |
| CN110826061A (en) | Method and device for detecting operating environment of mobile terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |