CN108234469A - Mobile terminal application safety protecting method, apparatus and system - Google Patents
Mobile terminal application safety protecting method, apparatus and system Download PDFInfo
- Publication number
- CN108234469A CN108234469A CN201711455189.3A CN201711455189A CN108234469A CN 108234469 A CN108234469 A CN 108234469A CN 201711455189 A CN201711455189 A CN 201711455189A CN 108234469 A CN108234469 A CN 108234469A
- Authority
- CN
- China
- Prior art keywords
- information
- intended application
- application
- attack
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a kind of mobile terminal application safety protecting method, apparatus and systems.Wherein, method includes:After intended application starts, the relevant information of intended application is obtained;Whether monitoring objective application is under attack;If so, obtaining attack information, and the relevant information of the attack information and the intended application is sent to server-side, so that server-side analyzes the relevant information of the attack information and the intended application;The analysis result of server-side feedback is received, security protection is carried out to intended application according to analysis result.Automation security protection to being applied in mobile terminal can be realized using this programme, avoid the drawbacks such as the privacy of user leakage brought for the malicious attack that mobile terminal is applied, property loss, improve the safety of mobile terminal application.
Description
Technical field
The present invention relates to field of computer technology, and in particular to a kind of mobile terminal application safety protecting method, device and
System.
Background technology
With the continuous development of science and technology and society, the appearance extreme enrichment of the types of applications in mobile terminal people
Working Life.However, repeated currently for the malicious attack applied in mobile terminal, so as to cause privacy of user leakage,
Property such as is damaged at the consequences.Especially when mobile terminal carries out root or uses modifier frame and simulator, easily feel
Malicious application is contaminated, so as to which the safety of mobile terminal be greatly reduced.It can be effectively to mobile terminal so still lacking one kind at present
In application carry out security protection scheme.
Invention content
In view of the above problems, it is proposed that the present invention overcomes the above problem in order to provide one kind or solves at least partly
State mobile terminal application safety protecting method, the apparatus and system of problem.
According to an aspect of the invention, there is provided a kind of mobile terminal application safety protecting method, including:
After intended application starts, the relevant information of intended application is obtained;
Whether monitoring objective application is under attack;
If so, attack information is obtained, and by the attack information and the relevant information of the intended application
Server-side is sent to, so that server-side analyzes the relevant information of the attack information and the intended application;
The analysis result of server-side feedback is received, security protection is carried out to intended application according to analysis result.
According to another aspect of the present invention, a kind of mobile terminal application safety device is provided, including:
Acquisition module after working as intended application startup, obtains the relevant information of intended application;
Monitoring modular, it is whether under attack suitable for monitoring objective application;
Sending module if under attack suitable for monitoring module monitors intended application, obtains attack information, and by described in
The relevant information of attack information and the intended application is sent to server-side, so that server-side believes the attack
The relevant information of breath and the intended application is analyzed;
Receiving module, suitable for receiving the analysis result of server-side feedback;
Protection module, suitable for carrying out security protection to intended application according to analysis result.
According to another aspect of the invention, a kind of mobile terminal application security protection system is provided, including above-mentioned shifting
Dynamic terminal applies safety device and the server-side;
Wherein, the server-side is suitable for the attack information and target that mobile terminal application safety device is sent
The relevant information of application is analyzed.
According to mobile terminal application safety protecting method provided by the invention, apparatus and system, first, when intended application opens
After dynamic, the relevant information of intended application is obtained;Whether monitoring objective application is under attack;If so, attack information is obtained, and
The relevant information of attack information and intended application is sent to server-side, for server-side to attack behavioural information and
The relevant information of intended application is analyzed;Receive server-side feedback analysis result, according to analysis result to intended application into
Row security protection.Automation security protection to being applied in mobile terminal can be realized using this programme, avoided for mobile terminal
The malicious attack of application and bring privacy of user leakage, the drawbacks such as property loss, improve the safety of mobile terminal application.
Above description is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention,
And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can
It is clearer and more comprehensible, below the special specific embodiment for lifting the present invention.
Description of the drawings
By reading the detailed description of hereafter preferred embodiment, it is various other the advantages of and benefit it is common for this field
Technical staff will become clear.Attached drawing is only used for showing the purpose of preferred embodiment, and is not considered as to the present invention
Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 is shown to be illustrated according to the flow of mobile terminal application safety protecting method provided by one embodiment of the present invention
Figure;
Fig. 2 shows the flows of mobile terminal application safety protecting method provided according to a further embodiment of the invention to show
It is intended to;
Fig. 3 shows the structural frames according to mobile terminal application safety device provided by one embodiment of the present invention
Figure;
Fig. 4 shows the structural frames according to mobile terminal application security protection system provided by one embodiment of the present invention
Figure.
Specific embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
Completely it is communicated to those skilled in the art.
Fig. 1 is shown to be illustrated according to the flow of mobile terminal application safety protecting method provided by one embodiment of the present invention
Figure.As shown in Figure 1, this method includes:
Step S110 after intended application starts, obtains the relevant information of intended application.
Wherein, intended application can be one or more.For example, intended application can be all on mobile terminal answers
With, or a certain in mobile terminal or certain several application, as intended application can be related to the payment class of user's property should
With or be related to privacy of user social class application etc..User can pass through preset setting interface dynamic change intended application.
Further, the relevant information of intended application is obtained.Wherein, the relevant information of intended application is and intended application
Relevant information of safe operation state etc., such as the package informatin of intended application, system version information.The present embodiment should to target
The particular content of relevant information is not construed as limiting, and those skilled in the art can voluntarily be set according to practical business demand.
Whether step S120, monitoring objective application are under attack.
During intended application is run, whether monitoring objective application is under attack.Wherein, monitoring objective application whether by
Specific method those skilled in the art of attack can voluntarily select, for example, can by monitoring objective application it is current it is occupied into
Whether new signal intrusion is had in journey, if so, performing step S130;Otherwise, then continue whether monitoring objective application is attacked
It hits.
Step S130 obtains attack information, and the relevant information of attack information and intended application is sent
To server-side, so that server-side analyzes the relevant information of attack behavioural information and intended application.
It, should by the attack information and target that monitor after monitoring that intended application is under attack in the step s 120
Relevant information is sent to server-side.Wherein, server-side is not located in mobile terminal.Server-side is receiving mobile terminal hair
After the attack information and intended application sent, the current security status of analysis intended application obtains corresponding analysis
As a result, and feed back to mobile terminal.
Step S140 receives the analysis result of server-side feedback, and security protection is carried out to intended application according to analysis result.
It is out of service to intended application progress according to the analysis result after the analysis result for receiving server-side feedback,
Or the security protections such as threat early warning.
According to mobile terminal application safety protecting method provided in this embodiment, after intended application starts, target is obtained
The relevant information of application;Whether monitoring objective application is under attack;If so, obtaining attack information, and attack is believed
The relevant information of breath and intended application is sent to server-side, so that server-side is to the phase of attack behavioural information and intended application
Information is closed to be analyzed;The analysis result of server-side feedback is received, security protection is carried out to intended application according to analysis result.It adopts
With this programme, it can be achieved that automation security protection to being applied in mobile terminal, avoids the malice for mobile terminal application from attacking
The drawbacks such as the privacy of user leakage hitting and bring, property loss improve the safety of mobile terminal application;Also, the present embodiment
In relevant information is just only sent to server-side after intended application is under attack, so as to reduce the flow of mobile terminal damage
Consumption;Also, it is not located at the server-side of mobile terminal by the way that relevant information is sent to and handles, can avoid to relevant information etc.
The drawbacks of mobile terminal resource being occupied in processing procedure and running of mobile terminal rate is caused to reduce.
Fig. 2 shows the flows of mobile terminal application safety protecting method provided according to a further embodiment of the invention to show
It is intended to.As shown in Fig. 2, this method includes:
Step S210 after intended application starts, obtains the base of the essential information of intended application, system residing for intended application
This information, and/or intended application running environment information.
Wherein, intended application can be one or more.For example, intended application can be all on mobile terminal answers
With, or a certain in mobile terminal or certain several application, as intended application can be related to the payment class of user's property should
With or be related to privacy of user social class application etc..User can pass through preset setting interface dynamic change intended application.
Further, the relevant information of intended application is obtained.Wherein, the relevant information of intended application is the base of intended application
The essential information of system residing for this information, intended application, and/or intended application running environment information.Wherein, intended application is basic
Information further comprises:Publisher, packet name, certificate, and/or the signing messages of intended application;The base of system residing for intended application
This information further comprises:System version number, and/or type;Intended application running environment information further comprises:Pacify in terminal
Third-party application list of dress etc..
Whether step S220, monitoring objective application are under attack.
During intended application is run, whether monitoring objective application is under attack.Specifically, monitoring objective application whether by
Kidnapped to so injections, Dex injections, dynamic debugging, and/or interface etc..It for example, can be by monitoring current goal using occupied
Whether new signal intrusion is had in process, if so, determining that intended application is injected by so, Dex injects, and/or dynamic debugging
Wait external attacks;When monitoring the page, whether the packet name for monitoring intended application operation stack top in jump procedure is correct, if so,
Determine that intended application is kidnapped by interface.
If monitoring, intended application is under attack, further performs step S230;Otherwise, continuing monitoring objective application is
It is no under attack.
Optionally, after monitoring whether intended application is under attack, information warning can be sent out, to provide mobile terminal
User's current goal is using under attack.Wherein, the present embodiment does not limit for the presentation mode of specific information warning, for example,
It can be the information warning of the forms such as voice, pop-up.
Step S230 obtains attack information, and attack information, the essential information of intended application, target is answered
Server-side is sent to the essential information, and/or intended application running environment information of residing system, so that server-side goes to attack
Relevant information for information and intended application is analyzed.
Specifically, after step S220 monitors that intended application is under attack, the attack information is obtained, and this is attacked
It hits the relevant information of intended application obtained in behavioural information and step S210 and is sent to server-side together.
Server-side is after the relevant information of attack information and intended application is received, the peace positioned at service end side
Full detecting and alarm is analyzed according to the relevant information of the attack information and intended application.Wherein, safety detection engine
For the safety detection engine based on machine learning and/or big data technology, by being trained to the detection of magnanimity application sample, constantly
Optimize the performance of safety detection engine.Optionally, to improve the detection efficiency to intended application safe condition, safety detection engine
Can also based on by symbol for core static analysis with reference in a manner of the dynamic detection by dynamic sandbox for core come to attack
The relevant information of information and intended application is analyzed.
Specifically, safety detection engine is according to the relevant information of attack information and intended application and positioned at server-side
Information in the information bank of side is compared, and the analysis result of intended application is determined according to comparison result, is set for intended application
After putting corresponding label, the relevant information of attack information and intended application is stored into information bank.Wherein, information bank
Including terminal risk information library, the counterfeit information bank of terminal, terminal fallacious message library, and/or attack information bank etc..Safety detection is drawn
It holds up and draws including counterfeit applied analysis sub- engine, malicious application analysis sub- engine, environmental monitoring sub- engine, and/or attack analysis
It holds up.For example, by counterfeit applied analysis sub- engine and/or malicious application analyze sub- engine to terminal counterfeit information bank, and/or end
Information in the fallacious message library of end is compared with the relevant information of the intended application received, determines whether intended application is imitative
Emit application;Alternatively, it is determined by the system environmental information residing for intended application of the environmental monitoring sub- engine in intended application
With the presence or absence of virus, wooden horse, and/or cheating application etc. or determining intended application running environment in intended application running environment
Whether it is simulator or root states;And attack analysis engine determines target according to the relevant information and attack of intended application
Using suffered specific attack signature, such as secondary packing, interface are kidnapped, so injects, dex injections.
The security threat that intended application is subject to can be tracked and traced to the source by the safety detection engine of server-side, accurately
Pinpoint threat source.After server-side analyzes the relevant information of attack behavioural information and intended application, analysis is tied
Fruit feeds back to mobile terminal.
Step S240 receives the analysis result of server-side feedback, and security protection is carried out to intended application according to analysis result.
Wherein, the analysis result of server-side feedback includes current goal application operation status safety information and/or threatens
Warning information.When the current goal application operation status safety information and/or threat early warning information that receive server-side feedback
Destination application operation can be terminated later and/or threat early warning information is presented.
According to mobile terminal application safety protecting method provided in this embodiment, after intended application starts, target is obtained
The essential information of system, and/or intended application running environment information residing for the essential information of application, intended application;Monitoring objective
Using whether under attack;If so, attack information is obtained, and by the basic letter of attack information and intended application
The essential information of system, and/or intended application running environment information are sent to server-side residing for breath, intended application, for service
The safety detection engine of end side analyzes the relevant information of attack behavioural information and intended application;And it is anti-to receive server-side
The analysis result of feedback carries out security protection according to analysis result to intended application.Using this programme, it can be achieved that in mobile terminal
The automation security protection of application accurately positions the security threat source of intended application, avoids for mobile terminal application
Malicious attack and bring privacy of user leakage, the drawbacks such as property loss, improve the safety of mobile terminal application.
Fig. 3 shows the structural frames according to mobile terminal application safety device provided by one embodiment of the present invention
Figure.As shown in figure 3, the device includes:Acquisition module 31, monitoring modular 32 and sending module 33, receiving module 34 and
Protection module 35.
Wherein, acquisition module 31 after working as intended application startup, obtain the relevant information of intended application.
Monitoring modular 32, it is whether under attack suitable for monitoring objective application.
Sending module 33 if under attack suitable for monitoring module monitors intended application, obtains attack information, and by institute
The relevant information for stating attack information and the intended application is sent to server-side, so that server-side is to the attack
The relevant information of information and the intended application is analyzed.
Receiving module 34, suitable for receiving the analysis result of server-side feedback.
Protection module 35, suitable for carrying out security protection to intended application according to analysis result.
Optionally, the relevant information of intended application includes:The base of system residing for the essential information of intended application, intended application
This information, and/or intended application running environment information.
Optionally, intended application essential information further comprises:Publisher, packet name, certificate, and/or the label of intended application
Name information;And/or the essential information of system further comprises residing for the intended application:System version number, and/or type;
And/or the intended application running environment information further comprises:The third-party application list installed in terminal.
Optionally, monitoring modular is further adapted for:Whether monitoring objective application is injected by so, Dex injections, dynamically adjusts
Examination, and/or interface are kidnapped.
Optionally, which further includes:Alarm module (not shown), suitable for monitoring that intended application is under attack
Afterwards, information warning is sent out.
Optionally, the analysis result of server-side feedback further comprises:Current goal application operation status safety information,
And/or threat early warning information.
Optionally, protection module 35 is further adapted for:It terminates destination application operation and/or threat early warning letter is presented
Breath.
Optionally, sending module 33 is further adapted for:The relevant information of attack information and intended application is sent
To server-side, for servicing the safety detection engine of end side according to attack information and the relevant information of the intended application
It is analyzed.
Optionally, safety detection engine is the safety detection engine based on machine learning and/or big data technology.
Optionally, sending module 33 is further adapted for:The relevant information of attack information and intended application is sent
To server-side, for servicing the safety detection engine of end side according to the attack information and the relevant information of intended application
It is compared with the information in the information bank of service end side, and point for the intended application is determined according to comparison result
Analysis for the intended application as a result, set corresponding label, by the attack information and the correlation of the intended application
Information is stored into information bank.
Optionally, information bank further comprises:Terminal risk information library, the counterfeit information bank of terminal, terminal fallacious message library,
And/or attack information bank;
And/or safety detection engine includes:Counterfeit applied analysis sub- engine, malicious application analysis sub- engine, environmental monitoring
Sub- engine, and/or attack analysis sub- engine.
Wherein, the specific implementation of modules can refer to explaining in Fig. 1 or embodiment illustrated in fig. 2 in the present embodiment
It states, this will not be repeated here.
According to mobile terminal application safety device provided in this embodiment, after intended application starts, target is obtained
The relevant information of application;Whether monitoring objective application is under attack;If so, obtaining attack information, and attack is believed
The relevant information of breath and intended application is sent to server-side, so that server-side is to the phase of attack behavioural information and intended application
Information is closed to be analyzed;The analysis result of server-side feedback is received, security protection is carried out to intended application according to analysis result.It adopts
With this programme, it can be achieved that automation security protection to being applied in mobile terminal, avoids the malice for mobile terminal application from attacking
The drawbacks such as the privacy of user leakage hitting and bring, property loss improve the safety of mobile terminal application.
Fig. 4 shows the structural frames according to mobile terminal application security protection system provided by one embodiment of the present invention
Figure.As shown in figure 4, the device includes:Mobile terminal application safety device 41 and server-side 42.
Wherein, server-side 42 is suitable for the attack information of mobile terminal application safety device transmission and target should
Relevant information is analyzed.
According to mobile terminal application security protection system provided in this embodiment, it can be achieved that applied in mobile terminal from
Dynamicization security protection, the disadvantages such as the privacy of user leakage for avoiding the malicious attack for mobile terminal application and bringing, property loss
The safety of mobile terminal application is improved at end.
So far, although those skilled in the art will appreciate that detailed herein have shown and described multiple showing for the present invention
Example property embodiment, still, without departing from the spirit and scope of the present invention, still can be directly true according to disclosure of invention
Determine or derive many other variations or modifications consistent with the principles of the invention.Therefore, the scope of the present invention is it should be understood that and recognize
It is set to and covers other all these variations or modifications.
It will be appreciated by those skilled in the art that embodiments of the present invention can be implemented as a kind of system, device, equipment,
Method or computer program product.In addition, the present invention is not also directed to any certain programmed language, it should be appreciated that can utilize each
Kind programming language realizes the content that the present invention describes, and the description done above to language-specific is to disclose the present invention
Preferred forms.
It should be noted that recognize although Website server, user terminal and identity are described in detail in explanation above
Several modules of card system, but this division is only exemplary, and is not enforceable.Those skilled in the art can
To understand, indeed, it is possible to adaptively be changed to the module in embodiment, by multiple block combiners in embodiment
Into a module, also a module can be divided into multiple modules.
In addition, although describing the present invention in the accompanying drawings with particular order implements operation, this is not required that or secretly
Desired knot must could be realized according to the particular order come the operation for performing these operations or having to carry out shown in whole by showing
Fruit.Certain steps are can be omitted, multiple steps are merged into a step execution or a step is divided into multiple steps and are held
Row.
It, can be in conclusion using identity identifying method of the present invention and system, Website server, user terminal
Realize certification rule of the certificate server dynamic adjustment Website server to user terminal, it, can due to certification rule flexibility and changeability
With reduce certification rule crack risk;Alternatively, after some certification rule is cracked, certification rule can be rapidly replaced
Then, solve the problems, such as that there are security risks due to the algorithm between certificate server and Website server is fixed, and further improve
The safety of identity authorization system, and enhance the safety of site resource and user information.
The method and specific implementation method of the present invention are described in detail, and give corresponding implementation above
Example.Certainly, in addition to the implementation, the present invention can also have other embodiment, all to use equivalent substitution or equivalent transformation shape
Into technical solution, all fall within invention which is intended to be protected.
The invention discloses:A1. a kind of mobile terminal application safety protecting method, including:
After intended application starts, the relevant information of intended application is obtained;
Whether monitoring objective application is under attack;
If so, attack information is obtained, and by the attack information and the relevant information of the intended application
Server-side is sent to, so that server-side analyzes the relevant information of the attack information and the intended application;
The analysis result of server-side feedback is received, security protection is carried out to intended application according to analysis result.
A2. the method according to A1, wherein, the relevant information of the intended application includes:
The essential information of system residing for the essential information of intended application, intended application, and/or intended application running environment letter
Breath.
A3. the method according to A2, wherein, the intended application essential information further comprises:The hair of intended application
Passerby, packet name, certificate, and/or signing messages;
And/or the essential information of system further comprises residing for the intended application:System version number, and/or type;
And/or the intended application running environment information further comprises:The third-party application list installed in terminal.
A4. the method according to any one of A1-A3, wherein, whether the monitoring objective application is under attack into one
Step includes:
Whether monitoring objective application is injected by so, Dex injects, dynamic debugging, and/or interface are kidnapped.
A5. the method according to any one of A1-A3, wherein, the method further includes:
After monitoring that intended application is under attack, information warning is sent out.
A6. the method according to any one of A1-A3, wherein, the analysis result of the server-side feedback is further wrapped
It includes:
Current goal application operation status safety information and/or threat early warning information.
A7. the method according to any one of A1-A3, wherein, it is described that intended application is pacified according to analysis result
Full protection further comprises:
It terminates destination application operation and/or threat early warning information is presented.
A8. the method according to any one of A1-A3, wherein, it is described and by the attack information and described
The relevant information of intended application is sent to server-side, so that server-side is to the attack information and the intended application
Relevant information carries out analysis and further comprises:
The relevant information of the attack information and the intended application is sent to server-side, for servicing end side
Safety detection engine analyzed according to the relevant information of the attack information and the intended application.
A9. the method according to A8, wherein, the safety detection engine is based on machine learning and/or big data skill
The safety detection engine of art.
A10. the method according to A9, wherein, the safety detection engine of the service end side is according to the attack
The relevant information of information and the intended application carries out analysis and further comprises:
The safety detection engine of end side is serviced according to the attack information and the relevant information of the intended application
It is compared, and the analysis knot of the intended application is determined according to comparison result with the information in the information bank of service end side
After setting corresponding label for the intended application, the attack information and the related of the intended application are believed for fruit
Breath is stored into information bank.
A11. the method according to A10, wherein, described information storehouse further comprises:
Terminal risk information library, the counterfeit information bank of terminal, terminal fallacious message library, and/or attack information bank;
And/or safety detection engine includes:Counterfeit applied analysis sub- engine, malicious application analysis sub- engine, environmental monitoring
Sub- engine, and/or attack analysis sub- engine.
The invention also discloses:B12. a kind of mobile terminal application safety device, including:
Acquisition module after working as intended application startup, obtains the relevant information of intended application;
Monitoring modular, it is whether under attack suitable for monitoring objective application;
Sending module if under attack suitable for monitoring module monitors intended application, obtains attack information, and by described in
The relevant information of attack information and the intended application is sent to server-side, so that server-side believes the attack
The relevant information of breath and the intended application is analyzed;
Receiving module, suitable for receiving the analysis result of server-side feedback;
Protection module, suitable for carrying out security protection to intended application according to analysis result.
B13. the device according to B12, wherein, the relevant information of the intended application includes:
The essential information of system residing for the essential information of intended application, intended application, and/or intended application running environment letter
Breath.
B14. the device according to B13, wherein, the intended application essential information further comprises:Intended application
Publisher, packet name, certificate, and/or signing messages;
And/or the essential information of system further comprises residing for the intended application:System version number, and/or type;
And/or the intended application running environment information further comprises:The third-party application list installed in terminal.
B15. the device according to any one of B12-B14, wherein, the monitoring modular is further adapted for:
Whether monitoring objective application is injected by so, Dex injects, dynamic debugging, and/or interface are kidnapped.
B16. the device according to any one of B12-B14, wherein, described device further includes:
Alarm module, suitable for after monitoring that intended application is under attack, sending out information warning.
B17. the device according to any one of B12-B14, wherein, the analysis result of the server-side feedback is further
Including:
Current goal application operation status safety information and/or threat early warning information.
B18. the device according to any one of B12-B14, wherein, the protection module is further adapted for:
It terminates destination application operation and/or threat early warning information is presented.
B19. the device according to any one of B12-B14, wherein, the sending module is further adapted for:
The relevant information of the attack information and the intended application is sent to server-side, for servicing end side
Safety detection engine analyzed according to the relevant information of the attack information and the intended application.
B20. the device according to B19, wherein, the safety detection engine is based on machine learning and/or big data
The safety detection engine of technology.
B21. the device according to B20, wherein, the sending module is further adapted for:
The relevant information of the attack information and the intended application is sent to server-side, for servicing end side
Safety detection engine according to the relevant information of the attack information and the intended application with positioned at service end side
Information in information bank is compared, and determines the analysis result for the intended application according to comparison result, is the mesh
Mark application sets corresponding label, and the relevant information of the attack information and the intended application is stored to information bank
In.
B22. the device according to B21, wherein, described information storehouse further comprises:
Terminal risk information library, the counterfeit information bank of terminal, terminal fallacious message library, and/or attack information bank;
And/or safety detection engine includes:Counterfeit applied analysis sub- engine, malicious application analysis sub- engine, environmental monitoring
Sub- engine, and/or attack analysis sub- engine.
The invention also discloses:C23. a kind of mobile terminal application security protection system, including such as any one of B12-B22
The mobile terminal application safety device and the server-side;
Wherein, the server-side is suitable for the attack information and target that mobile terminal application safety device is sent
The relevant information of application is analyzed.
Claims (10)
1. a kind of mobile terminal application safety protecting method, including:
After intended application starts, the relevant information of intended application is obtained;
Whether monitoring objective application is under attack;
If so, obtaining attack information, and the relevant information of the attack information and the intended application is sent
To server-side, so that server-side analyzes the relevant information of the attack information and the intended application;
The analysis result of server-side feedback is received, security protection is carried out to intended application according to analysis result.
2. according to the method described in claim 1, wherein, the relevant information of the intended application includes:
The essential information of system, and/or intended application running environment information residing for the essential information of intended application, intended application.
3. according to the method described in claim 2, wherein, the intended application essential information further comprises:Intended application
Publisher, packet name, certificate, and/or signing messages;
And/or the essential information of system further comprises residing for the intended application:System version number, and/or type;
And/or the intended application running environment information further comprises:The third-party application list installed in terminal.
4. method according to any one of claim 1-3, wherein, whether the monitoring objective application is under attack into one
Step includes:
Whether monitoring objective application is injected by so, Dex injects, dynamic debugging, and/or interface are kidnapped.
5. method according to any one of claim 1-3, wherein, the method further includes:
After monitoring that intended application is under attack, information warning is sent out.
6. method according to any one of claim 1-3, wherein, the analysis result of the server-side feedback is further wrapped
It includes:
Current goal application operation status safety information and/or threat early warning information.
7. method according to any one of claim 1-3, wherein, it is described that intended application is pacified according to analysis result
Full protection further comprises:
It terminates destination application operation and/or threat early warning information is presented.
8. method according to any one of claim 1-3, wherein, it is described and by the attack information and described
The relevant information of intended application is sent to server-side, so that server-side is to the attack information and the intended application
Relevant information carries out analysis and further comprises:
The relevant information of the attack information and the intended application is sent to server-side, for servicing the peace of end side
Full detecting and alarm is analyzed according to the relevant information of the attack information and the intended application.
9. a kind of mobile terminal application safety device, including:
Acquisition module after working as intended application startup, obtains the relevant information of intended application;
Monitoring modular, it is whether under attack suitable for monitoring objective application;
Sending module if under attack suitable for monitoring module monitors intended application, obtains attack information, and by the attack
The relevant information of behavioural information and the intended application is sent to server-side, for server-side to the attack information with
And the relevant information of the intended application is analyzed;
Receiving module, suitable for receiving the analysis result of server-side feedback;
Protection module, suitable for carrying out security protection to intended application according to analysis result.
10. a kind of mobile terminal application security protection system, including mobile terminal application security protection as claimed in claim 9
Device and server-side;
Wherein, the server-side is suitable for the attack information and intended application that mobile terminal application safety device is sent
Relevant information analyzed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711455189.3A CN108234469A (en) | 2017-12-28 | 2017-12-28 | Mobile terminal application safety protecting method, apparatus and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711455189.3A CN108234469A (en) | 2017-12-28 | 2017-12-28 | Mobile terminal application safety protecting method, apparatus and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108234469A true CN108234469A (en) | 2018-06-29 |
Family
ID=62649290
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711455189.3A Pending CN108234469A (en) | 2017-12-28 | 2017-12-28 | Mobile terminal application safety protecting method, apparatus and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108234469A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110135154A (en) * | 2019-03-28 | 2019-08-16 | 江苏通付盾信息安全技术有限公司 | The injection attack detection system and method for application program |
| CN112601227A (en) * | 2020-12-29 | 2021-04-02 | 湖北快付宝信息科技有限公司 | Application safety protection method of mobile terminal |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101621511A (en) * | 2009-06-09 | 2010-01-06 | 北京安天电子设备有限公司 | Multilayer detecting method without local virus library and multilayer detecting system |
| CN105429956A (en) * | 2015-11-02 | 2016-03-23 | 重庆大学 | Malicious software detection system based on P2P dynamic cloud and malicious software detection method |
| CN105678167A (en) * | 2015-12-24 | 2016-06-15 | 北京奇虎科技有限公司 | Safety protection method and apparatus |
| CN106534174A (en) * | 2016-12-07 | 2017-03-22 | 北京奇虎科技有限公司 | Cloud protection method, apparatus and system of sensitive data |
| CN106713246A (en) * | 2015-11-17 | 2017-05-24 | 中国移动通信集团公司 | Method and apparatus for detecting application program page hijacking, and mobile terminal |
| CN107292173A (en) * | 2017-06-06 | 2017-10-24 | 北京奇虎科技有限公司 | File safety protection method, device and equipment |
-
2017
- 2017-12-28 CN CN201711455189.3A patent/CN108234469A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101621511A (en) * | 2009-06-09 | 2010-01-06 | 北京安天电子设备有限公司 | Multilayer detecting method without local virus library and multilayer detecting system |
| CN105429956A (en) * | 2015-11-02 | 2016-03-23 | 重庆大学 | Malicious software detection system based on P2P dynamic cloud and malicious software detection method |
| CN106713246A (en) * | 2015-11-17 | 2017-05-24 | 中国移动通信集团公司 | Method and apparatus for detecting application program page hijacking, and mobile terminal |
| CN105678167A (en) * | 2015-12-24 | 2016-06-15 | 北京奇虎科技有限公司 | Safety protection method and apparatus |
| CN106534174A (en) * | 2016-12-07 | 2017-03-22 | 北京奇虎科技有限公司 | Cloud protection method, apparatus and system of sensitive data |
| CN107292173A (en) * | 2017-06-06 | 2017-10-24 | 北京奇虎科技有限公司 | File safety protection method, device and equipment |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110135154A (en) * | 2019-03-28 | 2019-08-16 | 江苏通付盾信息安全技术有限公司 | The injection attack detection system and method for application program |
| CN112601227A (en) * | 2020-12-29 | 2021-04-02 | 湖北快付宝信息科技有限公司 | Application safety protection method of mobile terminal |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11716348B2 (en) | Malicious script detection | |
| CN107483458A (en) | The recognition methods of network attack and device, computer-readable recording medium | |
| US20140173736A1 (en) | Method and system for detecting webpage Trojan embedded | |
| CN109347882B (en) | Webpage Trojan horse monitoring method, device, equipment and storage medium | |
| US11475133B2 (en) | Method for machine learning of malicious code detecting model and method for detecting malicious code using the same | |
| CN104361285B (en) | The safety detection method and device of mobile device application program | |
| CN104091140B (en) | A kind of information processing method and electronic equipment | |
| CN106850687A (en) | Method and apparatus for detecting network attack | |
| US10764311B2 (en) | Unsupervised classification of web traffic users | |
| CN109600362B (en) | Zombie host recognition method, device and medium based on recognition model | |
| EP2901290A1 (en) | Detecting malicious advertisements using source code analysis | |
| CN105844146B (en) | Method and device for protecting driver and electronic equipment | |
| CN108566399A (en) | Fishing website recognition methods and system | |
| CN106549980A (en) | A kind of malice C&C server determines method and device | |
| CN109753790A (en) | A kind of landing page monitoring method and system | |
| CN107103237A (en) | A kind of detection method and device of malicious file | |
| CN110336835A (en) | Detection method, user equipment, storage medium and the device of malicious act | |
| CN108600162A (en) | User authen method and device, computing device and computer storage media | |
| CN108234469A (en) | Mobile terminal application safety protecting method, apparatus and system | |
| CN111881449A (en) | Auxiliary analysis method and device for malicious codes | |
| CN104486312B (en) | A kind of recognition methods of application program and device | |
| CN103369555B (en) | A kind of method and apparatus for detecting mobile phone viruses | |
| CN110543783A (en) | Voting system and implementation method, equipment and storage medium thereof | |
| CN105447348B (en) | A kind of hidden method of display window, device and user terminal | |
| CN108337227B (en) | Method and middleware based on OpenID account login application program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180629 |
|
| RJ01 | Rejection of invention patent application after publication |