CN107832605A - A method and apparatus for protecting terminal security - Google Patents

Publication number: CN107832605A
Authority: CN (China)
Prior art keywords: software, terminal, behavior, installation, data information
Legal status: Pending
Application number: CN201711173879.XA
Other languages: Chinese (zh)
Inventors: 林皓, 葛明军, 毕永东, 顾德仲
Current Assignee: Jiangsu Shenzhouxinyuan System Engineering Co Ltd
Original Assignee: Jiangsu Shenzhouxinyuan System Engineering Co Ltd
Application filed by: Jiangsu Shenzhouxinyuan System Engineering Co Ltd
Priority to: CN201711173879.XA
Publication of: CN107832605A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method and apparatus for protecting terminal security. The method includes: S1: obtaining the software installation behavior of a terminal; S2: obtaining the behavior of software on the terminal capturing user data information; S3: determining, from the software installation behavior and the behavior of capturing user data information, that the software is violating software; S4: determining that the terminal on which the violating software is located is a dangerous terminal, and determining the position of the dangerous terminal; S5: blocking the network of the dangerous terminal so that the dangerous terminal is isolated from other terminals. Software installation behavior includes but is not limited to modifying system files and modifying the registry; the behavior of software capturing user data information includes but is not limited to obtaining the user's documents and the user's personal account passwords. The method of the application has wide monitoring coverage: it can simultaneously monitor basic software behavior, prevent the installation of third-party software, prevent the automatic installation of software and protect private data information, so that software behavior is managed and controlled comprehensively and the security of the terminal is effectively protected.

Description

A method and apparatus for protecting terminal security
Technical field
The present invention relates to the field of computer technology, and more particularly to a method and apparatus for protecting terminal security.
Background
With the development of information technology, application software with all kinds of functions has appeared in large numbers, meeting people's needs in work and life. At the same time, however, malware and rogue software on computers and mobile devices emerge endlessly, and users find it hard to tell them apart. In particular, some software that vendors provide free of charge appears functional and safe on the surface, but collects the user's private information in the background, such as geographic location, address book contents, short messages and photos, and silently uploads this private information to the vendor's servers, creating a risk of information leakage.
In the prior art, the main method of supervising software is to install monitoring software that monitors the installation and uninstallation of software, chiefly by monitoring the registry, the file system, processes and so on; some approaches also intercept the installation of third-party software, intercept silently installed software, and so on.
Although the prior art offers many kinds of monitoring software, their coverage is narrow: some can only protect private data information, some can only monitor basic software behavior, some can only prevent the installation of third-party software, and some can only prevent the automatic installation of software, so each has its own shortcomings.
Summary of the invention
The embodiments of the invention provide a method and apparatus for protecting terminal security with wide monitoring coverage, which can simultaneously monitor basic software behavior, prevent the installation of third-party software, prevent the automatic installation of software and protect private data information, managing and controlling software behavior comprehensively and effectively protecting the security of the terminal.
In a first aspect, the embodiments of the invention provide a method for protecting terminal security, the method including:
S1: Obtain the software installation behavior of the terminal;
S2: Obtain the behavior of software on the terminal capturing user data information;
S3: From the software installation behavior and the behavior of software capturing user data information, determine that the software is violating software;
S4: Determine that the terminal on which the violating software is located is a dangerous terminal, and determine the position of the dangerous terminal;
S5: Block the network of the dangerous terminal, so that the dangerous terminal is isolated from other terminals.
Preferably, the detailed process of step S1 includes: obtaining the software installation behavior captured by a system hook.
Preferably, software installation behavior includes but is not limited to bundled installation, plug-in installation, modifying system files and modifying the registry.
Preferably, the detailed process of step S2 includes: obtaining the behavior of software on the terminal capturing user data information, as captured by an application programming interface (API) monitoring tool.
Preferably, the behavior of software capturing user data information includes but is not limited to obtaining the user's pictures, obtaining the user's documents and obtaining the user's personal account passwords.
In a second aspect, the embodiments of the invention provide an apparatus for protecting terminal security, the apparatus including: an installation acquisition module, an information acquisition module, a determining module, a locating module and an isolation module, wherein:
the installation acquisition module is used for obtaining the software installation behavior of the terminal;
the information acquisition module is used for obtaining the behavior of software on the terminal capturing user data information;
the determining module is used for determining, from the software installation behavior and the behavior of software capturing user data information, that the software is violating software;
the locating module is used for determining that the terminal on which the violating software is located is a dangerous terminal, and determining the position of the dangerous terminal;
the isolation module is used for blocking the network of the dangerous terminal, so that the dangerous terminal is isolated from other terminals.
Preferably, the installation acquisition module is specifically used for obtaining the software installation behavior captured by a system hook.
Preferably, software installation behavior includes but is not limited to bundled installation, plug-in installation, modifying system files and modifying the registry.
Preferably, the information acquisition module is specifically used for obtaining the behavior of software on the terminal capturing user data information, as captured by an application programming interface (API) monitoring tool.
Preferably, the behavior of software capturing user data information includes but is not limited to obtaining the user's pictures, obtaining the user's documents and obtaining the user's personal account passwords.
Compared with the prior art, the present invention has at least the following advantages:
1. The application can monitor accurately, and the series of software behaviors to be monitored can be customized, so terminal security is protected with high efficiency;
2. It can monitor software installation behavior, and at the same time can monitor software reading the user's hardware information and reading private information such as information about the software the user has installed;
3. After violating software is found, the terminal on which the violating software is located can be located, and the network of that terminal is blocked to prevent it from infecting other, secure terminals;
4. It can intercept the installation of third-party software and intercept the silent installation of software.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the accompanying drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for protecting terminal security provided by one embodiment of the invention;
Fig. 2 is a structural block diagram of an apparatus for protecting terminal security provided by one embodiment of the invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, the embodiments of the invention provide a method for protecting terminal security. The method uses Windows API monitoring tools and Windows system hooks, and may include the following steps:
S1: Obtain the software installation behavior of the terminal.
In this step, software installation behavior can be obtained by monitoring with Windows system hooks, and the user can customize which installation behaviors are monitored, for example bundled installation, plug-in installation, browser hijacking, pop-up advertisements, computer pop-up prompts, modifying the system registry, modifying startup items and changing the browser. In practice, the CreateFile function can be used so that behaviors such as modifying important system files during software installation are captured; in addition, the system's RegCreateKeyEx function can be used to capture behaviors such as user software modifying important registry information. Unsafe behaviors can thus be effectively monitored and rejected.
S2: Obtain the behavior of software on the terminal capturing user data information.
In this step, the behavior of software capturing user data information can be obtained with Windows API monitoring tools. Such behavior can include capturing hardware information, capturing the user's pictures, capturing the user's documents and capturing the user's personal account passwords. In practice, the CreateFile function can be used to analyze whether any software is continuously scanning the computer's files to obtain private files such as the user's pictures and documents.
It is worth noting that the user can customize, through driver-layer capture, which software installation behaviors need to be monitored and which information needs to be captured. The driver layer is superior to the application layer, and once a violating behavior is monitored, the software can be determined to be violating software.
S3: From the software installation behavior and the behavior of software capturing user data information, determine that the software is violating software.
In this step, if the Windows system hooks detect behaviors such as bundled installation, plug-in installation, browser hijacking, pop-up advertisements, computer pop-up prompts, modifying the system registry, modifying startup items or changing the browser, the installed software can be determined to be violating software; if the Windows API monitoring tools capture software obtaining the user's hardware information, pictures, documents, personal account passwords and the like, the software can likewise be determined to be violating software.
S4: Determine that the terminal on which the violating software is located is a dangerous terminal, and determine the position of the dangerous terminal.
In this step, the position of the dangerous terminal can be determined from its IP address in the network. In an internal network, the dangerous terminal can be located through the router according to its IP address, and its specific location can be further pinpointed through the terminal's registration record, so that the dangerous terminal can be handled quickly, accurately and efficiently.
S5: Block the network of the dangerous terminal, so that the dangerous terminal is isolated from other terminals.
In this step, blocking the network of the dangerous terminal effectively prevents the spread of viruses. In addition, the installation of violating software can be intercepted, and a prompt message can be issued so that the user decides whether to continue the installation, among other measures.
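The S1 to S5 flow described above can be sketched as follows. This is an added example, not code from the patent or its applicant: the event record layout, the behavior labels, the sample IP addresses and the registration table are assumptions constructed for illustration, and the isolation step only returns the block actions instead of touching any network device.

```python
from collections import defaultdict
from dataclasses import dataclass

# Behaviors the description names for S1 (system hook) and S2 (API monitor).
# The label strings and channel names are hypothetical, chosen for this example.
DEFAULT_WATCH = {
    "system_hook": {
        "bundled_install", "plugin_install", "browser_hijack", "popup_ad",
        "modify_system_file", "modify_registry", "modify_startup_item",
    },
    "api_monitor": {
        "read_hardware_info", "read_user_picture", "read_user_document",
        "read_account_password",
    },
}


@dataclass(frozen=True)
class Event:
    terminal_ip: str  # terminal that reported the event
    software: str     # program that performed the action
    source: str       # "system_hook" (S1) or "api_monitor" (S2)
    behavior: str     # label assigned by the monitor
    api: str = ""     # API observed, e.g. CreateFile or RegCreateKeyEx


def classify(events, watch=DEFAULT_WATCH):
    """S3: return {(terminal_ip, software): sorted violating behaviors}."""
    findings = defaultdict(set)
    for ev in events:
        # A behavior counts only if the user-configurable watch list for
        # that monitoring channel contains it; unknown channels match nothing.
        if ev.behavior in watch.get(ev.source, ()):
            findings[(ev.terminal_ip, ev.software)].add(ev.behavior)
    return {key: sorted(found) for key, found in findings.items()}


def locate(findings, registration):
    """S4: group findings per dangerous terminal and resolve its location."""
    dangerous = {}
    for (ip, software), behaviors in findings.items():
        entry = dangerous.setdefault(
            ip,
            # Terminals missing from the registration record are still
            # isolated; they are flagged so an operator can trace them by IP.
            {"location": registration.get(ip, "unregistered"), "software": {}},
        )
        entry["software"][software] = behaviors
    return dangerous


def isolation_plan(dangerous):
    """S5: one network-block action per dangerous terminal (not executed)."""
    return [
        {"action": "block_network", "terminal_ip": ip,
         "location": info["location"], "software": sorted(info["software"])}
        for ip, info in sorted(dangerous.items())
    ]


# Constructed sample input: three terminals, one of them well behaved.
SAMPLE_EVENTS = [
    Event("10.0.0.11", "freeplayer.exe", "system_hook", "modify_registry",
          "RegCreateKeyEx"),
    Event("10.0.0.11", "freeplayer.exe", "api_monitor", "read_user_document",
          "CreateFile"),
    Event("10.0.0.12", "editor.exe", "system_hook", "write_own_directory",
          "CreateFile"),
    Event("10.0.0.13", "toolbar.exe", "system_hook", "browser_hijack"),
]
SAMPLE_REGISTRATION = {"10.0.0.11": "Building A, room 204"}  # constructed


def run(events=SAMPLE_EVENTS, registration=SAMPLE_REGISTRATION,
        watch=DEFAULT_WATCH):
    return isolation_plan(locate(classify(events, watch), registration))


if __name__ == "__main__":
    for step in run():
        print(step)
```

Passing a narrower `watch` mapping to `run` models the user-customized monitoring the description mentions: only the listed behaviors can mark software as violating.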
As shown in Fig. 2, the embodiments of the invention provide an apparatus for protecting terminal security. The apparatus may include: an installation acquisition module 1, an information acquisition module 2, a determining module 3, a locating module 4 and an isolation module 5, wherein:
the installation acquisition module 1 is used for obtaining the software installation behavior of the terminal;
the information acquisition module 2 is used for obtaining the behavior of software on the terminal capturing user data information;
the determining module 3 is used for determining, from the software installation behavior and the behavior of software capturing user data information, that the software is violating software;
the locating module 4 is used for determining that the terminal on which the violating software is located is a dangerous terminal, and determining the position of the dangerous terminal;
the isolation module 5 is used for blocking the network of the dangerous terminal, so that the dangerous terminal is isolated from other terminals.
In an embodiment of the invention, the installation acquisition module 1 is specifically used for obtaining the software installation behavior captured by a system hook.
In an embodiment of the invention, software installation behavior includes but is not limited to bundled installation, plug-in installation, modifying system files and modifying the registry.
In an embodiment of the invention, the information acquisition module 2 is specifically used for obtaining the behavior of software on the terminal capturing user data information, as captured by an application programming interface (API) monitoring tool.
In an embodiment of the invention, the behavior of software capturing user data information includes but is not limited to obtaining the user's pictures, obtaining the user's documents and obtaining the user's personal account passwords.
Since the information exchange between the modules of the above apparatus, their execution process and similar details are based on the same concept as the method embodiments of the invention, the specifics can be found in the description of the method embodiments and are not repeated here.
The embodiments of the invention provide a computer-readable storage medium that includes execution instructions; when a processor of a storage controller executes the execution instructions, the storage controller performs the method for protecting terminal security described in any of the above embodiments.
The embodiments of the invention provide a storage controller that includes a processor, a memory and a bus; the processor and the memory are connected by the bus;
when the storage controller runs, the processor executes the execution instructions stored in the memory, so that the storage controller performs the method for protecting terminal security described in any of the above embodiments.
It should be noted that, herein, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to the process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes ROM, RAM, magnetic disks, optical disks and other media that can store program code.
Finally, it should be noted that the above are only preferred embodiments of the present invention, intended merely to illustrate its technical solutions and not to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within the scope of protection of the present invention.

Claims (10)

  1. A method for protecting terminal security, characterized in that the method includes:
    S1: Obtain the software installation behavior of the terminal;
    S2: Obtain the behavior of software on the terminal capturing user data information;
    S3: From the software installation behavior and the behavior of software capturing user data information, determine that the software is violating software;
    S4: Determine that the terminal on which the violating software is located is a dangerous terminal, and determine the position of the dangerous terminal;
    S5: Block the network of the dangerous terminal, so that the dangerous terminal is isolated from other terminals.
  2. The method for protecting terminal security according to claim 1, characterized in that
    the detailed process of step S1 includes: obtaining the software installation behavior captured by a system hook.
  3. The method for protecting terminal security according to claim 2, characterized in that
    software installation behavior includes but is not limited to bundled installation, plug-in installation, modifying system files and modifying the registry.
  4. The method for protecting terminal security according to claim 1, characterized in that
    the detailed process of step S2 includes: obtaining the behavior of software on the terminal capturing user data information, as captured by an application programming interface (API) monitoring tool.
  5. The method for protecting terminal security according to claim 4, characterized in that
    the behavior of software capturing user data information includes but is not limited to obtaining the user's pictures, obtaining the user's documents and obtaining the user's personal account passwords.
  6. An apparatus for protecting terminal security, characterized in that the apparatus includes: an installation acquisition module, an information acquisition module, a determining module, a locating module and an isolation module, wherein:
    the installation acquisition module is used for obtaining the software installation behavior of the terminal;
    the information acquisition module is used for obtaining the behavior of software on the terminal capturing user data information;
    the determining module is used for determining, from the software installation behavior and the behavior of software capturing user data information, that the software is violating software;
    the locating module is used for determining that the terminal on which the violating software is located is a dangerous terminal, and determining the position of the dangerous terminal;
    the isolation module is used for blocking the network of the dangerous terminal, so that the dangerous terminal is isolated from other terminals.
  7. The apparatus for protecting terminal security according to claim 6, characterized in that the installation acquisition module is specifically used for obtaining the software installation behavior captured by a system hook.
  8. The apparatus for protecting terminal security according to claim 7, characterized in that software installation behavior includes but is not limited to bundled installation, plug-in installation, modifying system files and modifying the registry.
  9. The apparatus for protecting terminal security according to claim 6, characterized in that the information acquisition module is specifically used for obtaining the behavior of software on the terminal capturing user data information, as captured by an application programming interface (API) monitoring tool.
  10. The apparatus for protecting terminal security according to claim 9, characterized in that the behavior of software capturing user data information includes but is not limited to obtaining the user's pictures, obtaining the user's documents and obtaining the user's personal account passwords.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711173879.XA 2017-11-22 2017-11-22 A method and apparatus for protecting terminal security

Publications (1)

Publication Number Publication Date
CN107832605A (en) 2018-03-23

Family

ID=61653253

Country Status (1)

Country Link
CN (1) CN107832605A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1744607A (en) * 2005-10-10 2006-03-08 广东省电信有限公司研究院 System and method for blocking worm attack
CN101727548A (en) * 2008-10-27 2010-06-09 联想(北京)有限公司 Computer safety monitoring system, comprehensive deciding device and method thereof
CN105243328A (en) * 2015-09-24 2016-01-13 哈尔滨工程大学 Behavioral characteristic based Ferry horse defense method
CN106162648A (en) * 2015-04-17 2016-11-23 上海墨贝网络科技有限公司 A kind of behavioral value method, server and system applying installation kit
CN106326731A (en) * 2015-06-30 2017-01-11 卡巴斯基实验室股份制公司 System and method of preventing installation and execution of undesirable programs

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113055383A (en) * 2021-03-13 2021-06-29 珠海市鸿瑞信息技术股份有限公司 Big data-based intelligent data chain situation perception system
CN113055383B (en) * 2021-03-13 2021-08-24 珠海市鸿瑞信息技术股份有限公司 Big data-based intelligent data chain situation perception system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20180323)