CN109428871B

CN109428871B - Defense strategy determination method and device

Info

Publication number: CN109428871B
Application number: CN201710771173.7A
Authority: CN
Inventors: 余浩农; 罗锦坚; 詹勋昌; 翁培臻; 程超
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2017-08-31
Filing date: 2017-08-31
Publication date: 2020-12-01
Anticipated expiration: 2037-08-31
Also published as: CN109428871A

Abstract

The invention discloses a defense strategy determination method and device. The method comprises the following steps: acquiring a defense strategy matched with strategy influence information of a terminal from a server, calling a preset model by the server to determine the defense strategy according to the strategy influence information, and training the preset model according to acquired safety data to obtain the defense strategy; when a trigger signal for triggering display of a recommended item display interface is acquired, acquiring a target recommended item in each recommended item; and displaying the target recommendation item on a recommendation item display interface. In the embodiment of the invention, the terminal reports the strategy influence information to the server, the server adopts a preset model to formulate the defense strategy matched with the terminal according to the strategy influence information, the defense strategy determined by adopting the mode is more in line with the actual condition of the terminal and the personalized requirements of users, and in addition, the terminal screens according to preset display conditions before displaying the recommended items, thereby avoiding the interference caused by displaying the redundant recommended items.

Description

Defense strategy determination method and device

Technical Field

The embodiment of the invention relates to the technical field of network security, in particular to a defense strategy determination method and device.

Background

Currently, a terminal may encounter various risk events, such as Trojan horse virus, fraud phone, fraud short message, and so on. The user usually installs security software on the terminal, and the security software recommends a corresponding defense strategy so as to avoid loss brought to the user when the risk event occurs.

In the related art, the security software provides the defense strategy in the following manner: the method comprises the steps that a background server corresponding to security software pushes a cloud instruction to a terminal, the terminal obtains a defense strategy from the background server according to the cloud instruction, and when a user triggers the terminal to operate the security software, the terminal displays a corresponding security protection interface which comprises the defense strategy. In addition, the safety protection interface is also provided with an operation control for realizing safety scanning or virus searching and killing, and a user can click the operation control to trigger the terminal to perform safety scanning or virus searching and killing, so that safety protection is realized.

In the related art, the defense strategies (including the defense strategies, the security scanning options, and the virus killing options acquired from the background server) displayed on the security protection interface of any terminal are all the same, the method for determining the defense strategies is not flexible enough, and in addition, the terminal may display the defense strategies that are not necessarily displayed, for example, the terminal has opened account security protection, and the terminal still displays the defense strategy "whether to open account security protection".

Disclosure of Invention

The embodiment of the invention provides a method and a device for determining a defense strategy, which are used for solving the problem that the determination of the defense strategy and the exhibition of the defense strategy are not flexible enough in the related technology. The technical scheme is as follows:

in a first aspect, a defense strategy determination method is provided, and the method includes:

acquiring a defense strategy matched with strategy influence information of a terminal from a server, wherein the strategy influence information comprises at least one of equipment information, environment information and operation information, the defense strategy comprises at least one recommendation item, the defense strategy is determined by calling a preset model by the server according to the strategy influence information, and the preset model is obtained by training according to acquired safety data;

when a trigger signal for triggering display of a recommended item display interface is acquired, acquiring a target recommended item in each recommended item, wherein the target recommended item is a recommended item meeting a preset display condition;

and displaying the target recommended item on the recommended item display interface.

In a second aspect, a defense strategy determination method is provided, the method comprising:

acquiring strategy influence information of a terminal, wherein the strategy influence information comprises at least one of equipment information, environment information and operation information;

calling a preset model to determine a defense strategy matched with the strategy influence information, wherein the defense strategy comprises at least one recommendation item, and the preset model is obtained by training according to the acquired safety data;

pushing the defense strategy to the terminal so that the defense strategy displays a target recommended item in the recommended items on the terminal in a mode of displaying an interface; the target recommendation item is a recommendation item meeting a preset display condition.

In a third aspect, a defense policy determination apparatus is provided, the apparatus comprising:

the strategy acquisition module is used for acquiring a defense strategy matched with strategy influence information of a terminal from a server, wherein the strategy influence information comprises at least one of equipment information, environment information and operation information, the defense strategy comprises at least one recommendation item, the defense strategy is determined by calling a preset model by the server according to the strategy influence information, and the preset model is obtained by training according to acquired safety data;

the recommendation item acquisition module is used for acquiring a target recommendation item in each recommendation item when a trigger signal for triggering display of a recommendation item display interface is acquired, wherein the target recommendation item is a recommendation item meeting a preset display condition;

and the recommended item display module is used for displaying the target recommended item on the recommended item display interface.

In a fourth aspect, a defense policy determination apparatus is provided, the apparatus comprising:

the information acquisition module is used for acquiring strategy influence information of the terminal, wherein the strategy influence information comprises at least one of equipment information, environment information and operation information;

the strategy determining module is used for calling a preset model to determine a defense strategy matched with the strategy influence information, the defense strategy comprises at least one recommendation item, and the preset model is obtained by training according to the acquired safety data;

the strategy providing module is used for pushing the defense strategy to the terminal so that the defense strategy displays a target recommended item in the recommended items on the terminal in a mode of displaying an interface; the target recommendation item is a recommendation item meeting a preset display condition.

In a fifth aspect, a defense strategy determination system is provided, the system comprises a terminal and a server;

the terminal comprises the apparatus of the third aspect;

the server comprises an apparatus according to the fourth aspect.

In a sixth aspect, a terminal is provided, which comprises a processor and a memory, wherein the memory stores at least one instruction, at least one program, a set of codes, or a set of instructions, which is loaded and executed by the processor to implement the defense policy determination method according to the first aspect.

In a seventh aspect, there is provided a server comprising a processor and a memory, the memory having stored therein at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by the processor to implement the defense policy determination method according to the second aspect.

In an eighth aspect, there is provided a computer readable storage medium having stored therein at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by a processor to implement the defense policy determination method according to the first aspect or the defense policy determination method according to the second aspect.

In a ninth aspect, there is provided a computer program product for performing the defense policy determination method of the first or second aspect when executed.

The technical scheme provided by the embodiment of the invention can bring the following beneficial effects:

the strategy influence information is reported to the server through the terminal, and the server adopts a preset model to formulate a defense strategy matched with the terminal according to the strategy influence information. In addition, before the recommendation items are displayed, the terminal firstly performs screening according to preset display conditions, so that interference caused by displaying of redundant recommendation items is avoided.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

FIG. 1 is a schematic diagram of an application scenario provided by one embodiment of the present invention;

FIG. 2 is a flow diagram of a defense policy determination method provided by one embodiment of the invention;

FIG. 3 is an interface schematic of an operation guide provided by one embodiment of the present invention;

FIG. 4 is a schematic diagram of determining a defense policy provided by one embodiment of the invention;

FIG. 5 is a flow diagram of a defense policy determination method provided by another embodiment of the present invention;

FIG. 6 is a block diagram of a defense policy determination apparatus provided by one embodiment of the present invention;

fig. 7 is a block diagram of a defense policy determination apparatus provided by another embodiment of the present invention;

fig. 8 is a block diagram of a terminal according to an embodiment of the present invention;

fig. 9 is a block diagram of a server according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Referring to fig. 1, a schematic diagram of an application scenario provided by an embodiment of the present invention is shown. The application scenario may include: a terminal 10 and a server 20.

The terminal 10 may be an electronic device such as a mobile phone, a tablet computer, an electronic book reader, a multimedia playing device, a wearable device, a laptop portable computer, or a desktop computer. Optionally, an application program for implementing security protection is installed in the terminal.

The server 20 is used to provide security services to the terminal 10, such as intercepting short messages that may be at risk, etc. Optionally, the server 20 is a backend server corresponding to the application program for implementing security protection. The server 20 may be a server, a server cluster composed of several servers, or a cloud computing service center.

The server 20 may establish a communication connection with the terminal 10 through a network. The network may be a wireless network or a wired network.

The embodiment of the invention provides a personalized defense strategy customization scheme, which is characterized in that strategy influence information is reported to a server through a terminal, a preset model is adopted by the server to formulate a defense strategy matched with the terminal according to the strategy influence information, and the defense strategy determined by the method is more in line with the actual situation of the terminal and the personalized requirements of users. In addition, before the recommendation items are displayed, the terminal firstly performs screening according to preset display conditions, so that interference caused by displaying of redundant recommendation items is avoided.

Referring to fig. 2, a flowchart of a defense policy determination method according to an embodiment of the present invention is shown. The method can be applied to the application scenario shown in fig. 1. The method may comprise the steps of:

step 201, the server obtains the policy impact information of the terminal.

The policy impact information refers to information that can impact the server in determining the defense policy. The policy impact information of the terminal comprises an identification of the terminal. The policy impact information of the terminal further includes at least one of device information, environment information, and operation information.

The device information is used for describing the condition of the terminal, and may include at least one of the following situations: whether an illegal application program is downloaded and/or installed in the terminal or not, wherein the illegal application program refers to an application program with an illegal download source (for example, an application program downloaded from a browser); whether the terminal accesses a phishing website generally refers to a website disguised as a bank and electronic commerce and used for stealing private information such as a bank account number, a password and the like submitted by a user; whether the terminal receives the risk short message or not is judged, the risk short message is a short message comprising a specified keyword, and the specified keyword can be remittance, transfer, hospital, court, bank and the like, and the method is not limited in the embodiment of the invention; whether the terminal receives a risk incoming call or not means that the corresponding telephone number is not the telephone number stored in the terminal.

The environment information is used for describing the environment condition of the terminal, and may include at least one of the following situations: whether the terminal is under the coverage of the pseudo base station or not, wherein the pseudo base station is a simulation base station, is not connected with a mobile communication network, forcibly attracts a mobile phone terminal to establish communication connection with the mobile phone terminal by transmitting a wireless signal with high power, and can be disguised as any calling number to send short messages with any number and content to a user; whether the terminal is connected with a risk WiFi (Wireless Fidelity), which may refer to a WiFi without a password or a public WiFi, and is not limited in the embodiment of the present invention.

The operation information is used for describing an operation performed by a user on the terminal, and may include at least one of the following cases: a user triggers a terminal to log in a client of a specified application program, wherein the specified application program can be a payment application program, a social contact application program, a shopping application program and the like, and the embodiment of the invention is not limited to the above; the user sets the authority for the application program, for example, the user sets the authority "acquire current location information" for the application program a, and the user sets the authority "acquire short message content" for the application program B.

Optionally, the policy impact information may further include frequency information and quantity information. For example, when the terminal accesses a phishing website, the frequency information refers to the number of times the terminal accesses the phishing website; for another example, when the terminal installs an illegal application, the number information refers to the number of illegal applications installed by the terminal.

The policy influence information can be acquired by a processor of the terminal, and also can be acquired by application software installed in the terminal and used for realizing safety protection. In addition, the policy influence information may be acquired within a latest preset time, and the latest preset time may be set according to an actual requirement, for example, the latest preset time is within the latest 7 days, which is not limited in the embodiment of the present invention.

Optionally, the policy impact information acquired by the server is sent by the terminal. Optionally, the terminal sends the policy impact information to the server at intervals of a preset time, where the preset time may also be set according to an actual requirement, for example, the preset time is 1 day, and this is not limited in the embodiment of the present invention. In addition, before the terminal sends the policy impact information to the server, whether the terminal is connected with the secure WiFi may be detected, if the terminal is connected, the step of sending the policy impact information to the server is executed, and if the terminal is not connected, the step of sending the policy impact information to the server is not executed. By the method, the situation that the terminal sends the strategy to the server to influence the information consumption flow can be avoided.

Step 202, the server calls a preset model to determine a defense strategy matched with the strategy influence information.

And the preset model is obtained by training according to the acquired safety data. The security data comprises security data of multiple dimensions such as users, equipment and environments. The collection of the security data can be completed by a security product client (for example, a client corresponding to an application program for implementing security protection), and also can be completed by a multi-product matrix. The multi-product matrix may include a social client, a payment client, a shopping client, and the like, which is not limited by the embodiment of the present invention. In the embodiment of the present invention, the preset model may be an Expert System (ES), or may be a model obtained by training through a Logistic Regression (LR) algorithm, which is not limited in the embodiment of the present invention.

The defense strategy includes at least one recommendation. The recommended item is a solution which is made by the server for the terminal and is used for realizing safety protection. And the server takes the strategy influence information uploaded by the terminal as the input of a preset model, so as to obtain a corresponding recommendation item. The server determines different recommendation items for the device information, the environment information, and the operation information.

For example, when an illegal application is downloaded and/or installed in the terminal, and/or the terminal accesses a phishing website, the defense strategy determined by the server is "perform security scanning every day"; for another example, the terminal receives a risk short message, and/or the defense strategy determined by the server is "open short message, incoming call interception authority" when the terminal receives a risk incoming call. For another example, when the terminal is under the coverage of the pseudo base station, and/or the terminal is connected with a risk WiFi, and/or when the user sets the right for the application, the defense policy determined by the server is "open floating window reminding right". For another example, when the user triggers the terminal to log in the client of the specified application program, the defense policy determined by the server is "open account security protection".

Step 203, the server pushes the defense strategy to the terminal.

Since the defense strategy needs to be displayed to the user by the terminal, the server needs to push the defense strategy to the terminal after determining the defense strategy. Optionally, the server pushes the defense policy to the terminal in the following two possible implementations.

In a first possible implementation, step 203 may include the following sub-steps:

step 203a, the server sends a strategy acquisition instruction to the terminal;

and the strategy acquisition instruction is used for instructing the terminal to acquire the defense strategy from the server. In this example, the terminal periodically sends policy impact information to the server, which also periodically provides defense policies to the terminal. The period of sending the policy influence information to the server by the terminal may be the same as or different from the period of providing the defense policy to the terminal by the server. For example, the terminal sends policy impact information to the server every 1 day, and the server provides a defense policy to the terminal every 7 days. After the server determines the defense strategy each time, the server actively sends a strategy acquisition instruction to the terminal so as to inform the user of acquiring the defense strategy.

Optionally, after the server determines the defense strategy for the first time, directly sending a strategy acquisition instruction to the terminal; after the server determines the defense strategy to the terminal for the ith time, the server may first detect whether the defense strategy is updated, and if the defense strategy is updated, execute a step of sending a strategy acquisition instruction to the terminal, where i is a positive integer greater than 1. Optionally, the server detects whether the repair policy determined this time is the same as the repair policy determined last time, if so, the defense policy is updated, and if so, the defense policy is not updated.

Correspondingly, the terminal receives the strategy acquisition instruction sent by the server.

Step 203b, the terminal sends a first policy acquisition request to the server according to the policy acquisition instruction;

the first policy acquisition request is used for requesting a defense policy, and the first policy acquisition request carries an identifier of the terminal.

And step 203c, the server sends a defense strategy to the terminal according to the first strategy acquisition request.

In one example, the server sends the defense strategy determined this time to the terminal. For example, if the defense policy determined this time includes recommendation items B and D, the server may send the recommendation items B and D to the terminal.

In another example, the server compares the defense strategy determined this time with the defense strategy determined last time to determine an updated recommended item, and the server sends the updated recommended item to the terminal. And the updated recommended item belongs to the defense strategy determined this time but not the defense strategy determined last time. For example, the defense strategy determined this time includes recommendation items B and D, the defense strategy determined last time includes recommendation items A, B and C, and the server sends an updated recommendation item D to the terminal.

Accordingly, the terminal acquires the defense strategy provided by the server and stores the defense strategy. Optionally, the terminal stores the defense policy in a Flash Memory (Flash Memory) of the terminal.

In addition, when the terminal receives the defense policy specified this time by the server, the terminal sets the defense policy received last time to invalid, and further, the terminal deletes all the defense policies received last time. When the terminal receives the updated recommendation item sent by the server, invalid information sent by the server is also received, and the invalid information is used for indicating that part of the recommendation item stored by the terminal is invalid. In connection with the specific example in the other example above, the revocation information is used to indicate that the recommendation items a and C have been revoked.

In a second possible implementation, step 203 may include the following sub-steps:

and step 203d, when a trigger signal for triggering display of the recommended item display interface is acquired, sending a second strategy acquisition request to the server.

And the recommended item display interface is used for displaying the recommended items. Optionally, the recommended item presentation interface is a secondary interface of an application installed on the terminal for implementing security protection. The main interface of the application program comprises a recommended item viewing entry, and when a user clicks the recommended item viewing entry, the terminal acquires a trigger signal for triggering display of a recommended item display interface, and then the terminal actively sends a second strategy acquisition request to the server. The second policy obtaining request is used for requesting a defense policy, and the second policy obtaining request carries the identifier of the terminal.

And step 203e, the server sends a defense strategy to the terminal according to the second strategy acquisition request.

Here, the defense policy sent by the server may be determined in real time by the server, for example, the terminal carries policy influence information in the policy acquisition request, and the server determines the defense policy according to the policy influence information carried in the policy acquisition request and returns the determined defense policy to the terminal. The defense strategy received by the terminal can also be predetermined and stored by the server.

The two examples can be combined with each other, that is, the terminal periodically obtains the defense strategy from the server, and after the user triggers the terminal to display the recommendation item presentation interface, the terminal also obtains the defense strategy from the server. Optionally, after the user triggers the terminal to display the recommended item display interface, the terminal first detects whether an effective recommended item exists locally, if so, the effective recommended item is directly read and a target recommended item in the effective recommended item is obtained, and if not, a step of sending a second policy obtaining request to the server is executed.

And 204, when a trigger signal for triggering display of the recommended item display interface is acquired, acquiring a target recommended item in each recommended item.

One possible implementation manner of the terminal acquiring the trigger signal for triggering the display of the recommended item presentation interface is shown in the step 203 d. In other possible examples, the application program pushes a notification message to a notification bar of the terminal, where the notification message is used to guide the user to view the recommended item, and when the user clicks the notification message, the terminal acquires a trigger signal for triggering display of a recommended item display interface.

The target recommendation item is a recommendation item meeting a preset display condition. The preset display condition is a condition which needs to be met when the terminal displays the target recommendation item on the recommendation item display interface. And for different target recommendation items, the corresponding preset display conditions are different. In addition, part of the target recommendation items exist, the corresponding preset display conditions are null, and the terminal can directly display the target recommendation items.

For example, for the recommended item "open floating window permission", the preset display condition is that the terminal does not open floating window permission for a specified application (for example, an application for implementing security protection); for the recommended item 'opening account security protection', presetting a display condition that the terminal does not open account security protection; for the recommendation item 'open short message, incoming call interception permission', presetting a display condition that the terminal does not open the short message and the incoming call interception permission; for the recommended item "perform security scan every day", the preset presentation condition is null.

In one example, a target recommendation item is detected from among the recommendation items by the terminal. Optionally, the terminal obtains the state of the device, and determines whether each recommended item meets the corresponding preset display condition according to the state of the device. Wherein the state of the device comprises: the authority of the application program in the terminal, whether the client account is opened with safety protection, and the like. For example, for a recommended item "open floating window permission", the terminal first detects whether to open floating window permission for a specified application (for example, an application for implementing security protection), if so, the recommended item does not satisfy a preset display condition, and is not a target recommended item, and if not, the recommended item satisfies the preset display condition, and is a target recommended item; for the recommendation item 'account security protection starting', the terminal firstly detects whether account security protection is started, if so, the recommendation item does not meet the preset display condition and is not the target recommendation item, and if not, the recommendation item meets the preset display condition and is the target recommendation item. In this example, the terminal detects a target recommendation item among the recommendation items first, and then obtains the target recommendation item.

In another example, a target recommendation item is detected by the server from among the recommendation items. Optionally, the terminal carries device state information in the policy obtaining request (e.g., the first policy obtaining request and the second policy obtaining request), the device state information is used for indicating a state of the device, and the server detects whether each recommended item meets a respective preset display condition according to the device state information, further screens out a target recommended item from each recommended item, and sends the target recommended item to the terminal. Optionally, the terminal carries an acceptable recommended item list in the policy obtaining request (for example, the first policy obtaining request and the second policy obtaining request), the list includes recommended items meeting preset display conditions, the server screens out a target recommended item from the recommended items according to the list, and sends the target recommended item to the terminal. In this example, each item of recommendation in the defense strategy provided by the server to the terminal is a target recommendation, and the terminal can directly read the target recommendation from the defense strategy.

And step 205, the terminal displays the target recommendation item on a recommendation item display interface.

Under the condition that target recommendation items exist in the recommendation items, the terminal displays the target recommendation items in a recommendation item display interface; and under the condition that the target recommended item does not exist in the recommended items, the terminal displays corresponding prompt information in a recommended item display interface. Referring to fig. 3 in combination, an interface schematic diagram of the recommendation item presentation interface 31 provided by an embodiment of the present invention is shown, where the recommendation item presentation interface 31 includes a target recommendation item "view latest security information" 311 and a target recommendation item "open short message protection permission" 312.

Optionally, the defense strategy further includes priorities corresponding to the recommended items. The priority is used for indicating the importance degree corresponding to the recommendation item, and the higher the priority is, the higher the importance degree is, and the lower the priority is, the lower the importance degree is. In one example, "high," "medium," and "low" are used to measure priority. In another example, the priority is measured by the size of the value, with a smaller value giving a higher priority. For example, a recommendation having a value of 1 may have a higher priority than a recommendation having a value of 10.

Optionally, when the defense policy includes priorities corresponding to the recommendations, step 205 may include the following sub-steps:

step 205a, acquiring priorities corresponding to various target recommendation items;

and the terminal reads the corresponding priority of each target recommendation item from the defense strategy.

Step 205b, when the number of the target recommendation items is not greater than the preset number, displaying each target recommendation item in a recommendation item display interface;

the preset number may be set according to an actual requirement, for example, the preset number is 2, which is not limited in the embodiment of the present invention.

And when the number of the target recommendation items is not more than the preset number, the terminal directly displays each target recommendation item in a recommendation item display interface. Optionally, the terminal displays the target recommendation items in the recommendation item display interface according to the sequence of the priority levels from high to low. The position of the target recommendation item with higher priority on the recommendation item display interface is higher than the position of the target recommendation item with lower priority on the recommendation item display interface.

Step 205c, when the number of the target recommendation items is greater than the preset number, determining the target recommendation items with the priorities meeting the preset conditions, and displaying the target recommendation items with the priorities meeting the preset conditions on a recommendation item display interface.

The priority meeting the preset condition means that the sequence number corresponding to the arrangement sequence of the priority of the target recommendation item in the priorities of the target recommendation items should not be larger than the preset number. For example, when the preset number is 2, the terminal displays the target recommendation item with the first priority and the target recommendation item with the second priority in the recommendation item display interface. That is, when the number of the target recommendation items is large, the target recommendation item with the higher priority can be selected for presentation.

In other possible examples, the terminal directly reads the priorities corresponding to the recommended items from the defense strategy, then sequentially detects whether each recommended item is a target recommended item according to the high-low order of the priorities, and when the number of the detected target recommended items is not less than the preset number, the detection process is stopped, and the detected target recommended items are displayed in a recommended item display interface.

In summary, according to the method provided by the embodiment of the present invention, the terminal reports the policy impact information to the server, and the server uses the preset model to formulate the defense policy matched with the terminal according to the policy impact information. In addition, before the recommendation items are displayed, the terminal firstly performs screening according to preset display conditions, so that interference caused by displaying of redundant recommendation items is avoided.

In the embodiment of the invention, the strategy information reported by the terminal not only comprises the terminal condition, but also comprises the environment condition of the terminal and the operation condition of the terminal executed by the user, so that the server can make a defense strategy for the terminal from multiple dimensions, and the comprehensive and real-time protection is provided for the terminal.

According to the method provided by the embodiment of the invention, the priority is set for each recommended item, and the terminal only displays a plurality of recommended items with higher priorities on the recommended item display interface, so that the interference brought to the user when more recommended items are provided is avoided.

In an optional embodiment based on the embodiment shown in fig. 2, after the terminal displays the target recommended item on the recommended item display interface, the method further includes the following steps:

step 301, when an operation instruction corresponding to any item label recommendation item displayed on the recommendation item display interface is acquired, displaying an operation guide popup window.

The operation guide popup window comprises prompt information and a first operation control, wherein the prompt information is used for prompting whether operation guide is received or not, and the first operation control is used for triggering the operation guide receiving. The operation guide is used for guiding the operation of the user, so that the operation of the user on the terminal according to the target recommendation item is simplified. For example, for the target recommendation item "open the short message protection authority", the operation guidance is used for guiding the user to trigger the terminal to open the short message protection authority for a specified application program (e.g., an application program for implementing security protection).

The operation guidance popup may be displayed on an upper layer of the recommended item presentation interface, may also be displayed on an upper layer of the main interface of the application program, and may also be displayed on an upper layer of the terminal. Optionally, when the terminal obtains an operation instruction of the user corresponding to any item label recommendation displayed on the recommendation display interface, an operation guidance popup window is displayed on the upper layer of the recommendation display interface.

Optionally, the operation guidance interface further includes a second operation control, and the second operation control is used for triggering the rejection operation guidance. Referring to fig. 3 in combination, which shows an interface schematic diagram of the operation guidance popup window 32 according to an embodiment of the present invention, the terminal displays the operation guidance popup window 32 on an upper layer of the recommended item presentation interface 31, where the operation guidance popup window 32 includes a prompt message 321, a first operation control 322, and a second operation control 323.

And step 302, after the trigger signal corresponding to the first operation control is acquired, executing the operation indicated by the operation guidance.

The operation indicated by the operation guidance may be actually determined according to the target recommended item obtained as the operation indication. For example, if the target recommendation item "open the short message protection permission" obtains the operation instruction, the operation executed by the terminal is to open the short message protection permission for the specified application program.

Optionally, after the terminal executes the operation, skipping to display a recommended item display interface, and not displaying the target recommended item obtained by obtaining the operation instruction. Further, the terminal displays the target recommendation item with the highest priority in the target recommendation items which are not displayed on the recommendation item display interface.

With reference to fig. 3, the recommended item display interface 31 includes a target recommended item "view latest security information" 311 and a target recommended item "open short message protection permission" 312, the user triggers the target recommended item "open short message protection permission" 312 in the recommended item display interface 31, accordingly, the terminal obtains an operation instruction corresponding to the target recommended item "open short message protection permission" 312, then the terminal displays an operation guidance popup window 32 on an upper layer of the recommended item display interface 31, the operation guidance popup 32 includes a prompt message 321, a first operation control 322 and a second operation control 323, when the user clicks the first operation control 322, correspondingly, the terminal acquires a trigger signal corresponding to the first operation control 322, and skips to display the recommended item display interface 31, where the recommended item display interface 31 includes a target recommended item "view latest security information" 311 and a target recommended item "perform security scanning every day" 313.

Optionally, after the terminal acquires the trigger signal corresponding to the second operation control, skipping to display a recommended item display interface, where the target recommended item acquired by the acquisition operation instruction is no longer displayed in the recommended item display interface. Further, the terminal displays the target recommendation item with the highest priority in the target recommendation items which are not displayed on the recommendation item display interface.

In other possible examples, when the terminal acquires an operation instruction corresponding to any item label recommendation item displayed on the recommendation item display interface, the step of displaying the operation popup window is not executed, and the corresponding operation is directly executed. For example, when the terminal acquires an operation instruction corresponding to the target recommendation item "perform security scanning every day", the security scanning operation is directly performed.

In summary, in the method provided in the embodiment of the present invention, when the operation instruction corresponding to the target recommendation item is obtained, the operation guidance popup is displayed to guide the user to perform the operation, so that the operation that the user needs to perform on the target recommendation item is simplified, and the operation complexity is reduced.

In an alternative embodiment provided on the basis of the embodiment shown in fig. 2 or fig. 3, the method further comprises the following steps:

step 401, the terminal sends result feedback information to the server.

And the result feedback information is used for indicating whether each target recommendation item displayed by the recommendation item display interface is accepted or not. The result feedback information includes: whether the user triggers the target recommendation items, whether the user accepts operation guidance and the like. For example, when the target recommendation item is "open the short message authority", the result feedback information is used to indicate that the user has triggered the target recommendation item, but refuses the operation guidance.

In one example, when the terminal quits displaying the recommended item display interface, result feedback information is sent to the server. In another example, when the application program for implementing security protection is switched from foreground operation to background operation, the terminal sends result feedback information to the server. In another example, the terminal transmits the result feedback information to the server at preset time intervals. The preset time can be set according to actual requirements, for example, the preset time is 1 day.

In addition, before the terminal sends the result feedback information to the server, whether the terminal is connected with the safe WiFi or not can be detected, if the terminal is connected with the safe WiFi, the step of sending the result feedback information to the server is executed, and if the terminal is not connected with the safe WiFi, the step of sending the result feedback information to the server is not executed. By the method, the traffic consumption of the terminal sending the result feedback information to the server can be avoided.

Accordingly, the server receives result feedback information sent by the terminal.

Step 402, the server revises the preset model according to the result feedback information.

And the server corrects the model according to the result feedback information to form positive feedback, so that the subsequent server can more accurately formulate a defense strategy of the terminal. Optionally, step 402 specifically includes: and correcting the weight value corresponding to each characteristic of the preset model according to the result feedback information.

The preset model comprises a plurality of characteristics, and each characteristic corresponds to a weight value. The server adjusts the preset model by adjusting the weight value corresponding to each feature. The above feature includes at least one of device information, environment information, and operation information.

For example, if the result feedback information indicates that the target recommendation item "open the short message protection permission" has been triggered by the user and has received the operation guidance, the server decreases the weight value corresponding to the operation information, and when the subsequent server calls the preset model to determine whether to recommend "open the short message protection permission" to the terminal, the total score of the recommendation item "open the short message protection permission" is decreased because the weight value corresponding to the operation information is decreased, and the subsequent server does not send the recommendation item "open the short message protection permission" to the terminal any more.

With reference to fig. 4, a schematic diagram of determining a defense policy provided by an embodiment of the invention is shown. When a user uses a terminal, the terminal collects strategy influence information and reports the strategy influence information to the server, the server determines a defense strategy according to the strategy influence information by adopting a preset model, then the server sends the defense strategy to the terminal, the terminal displays target recommendation items in the defense strategy, whether each target recommendation item is received or not is determined by the user, after the user operates the terminal, the terminal records result feedback information and sends the result feedback information to the server, and the server corrects the preset model according to the result feedback information.

In summary, in the method provided by the embodiment of the present invention, the server modifies the model according to the result feedback information sent by the terminal, so that the subsequent server can make a defense strategy for the terminal more accurately.

Referring to fig. 5, a flow chart of a defense policy determination method according to another embodiment of the invention is shown. The method may comprise the steps of:

step 501, the server obtains the policy impact information of the terminal.

The policy impact information includes at least one of device information, environment information, and operation information.

Step 502, the server calls a preset model to determine a defense strategy matched with the strategy influence information.

The defense strategy comprises at least one recommended item, and the preset model is obtained by training according to the collected safety data.

Step 503, the server sends a policy acquisition instruction to the terminal.

And the strategy acquisition instruction is used for instructing the terminal to acquire the defense strategy from the server.

In step 504, the server receives a first policy acquisition request sent by the terminal according to the policy acquisition instruction.

The first policy acquisition request is for requesting a defense policy.

And 505, the server sends a defense strategy to the terminal according to the first strategy acquisition request.

Step 506, after the terminal acquires a trigger signal for triggering display of the recommended item display interface, a second policy acquisition request is sent to the server.

The second policy acquisition request is for requesting a defense policy.

And step 507, the server sends a defense strategy to the terminal according to the second strategy acquisition request.

And step 508, when the terminal acquires a trigger signal for triggering display of the recommended item display interface, acquiring a target recommended item in each recommended item.

The target recommendation item is a recommendation item meeting a preset display condition.

In step 509, the terminal obtains the priorities corresponding to the target recommendation items.

And 510, when the number of the target recommendation items is not more than the preset number, displaying each target recommendation item in a recommendation item display interface.

And 511, when the number of the target recommendation items is larger than the preset number, determining the target recommendation items with the priorities meeting the preset conditions, and displaying the target recommendation items with the priorities meeting the preset conditions on a recommendation item display interface.

And step 512, displaying an operation guide interface when the operation instruction of any item label recommendation item displayed by the recommendation item display interface is acquired.

The operation guide interface comprises prompt information and a first operation control, the prompt information is used for prompting whether operation guide is received, and the first operation control is used for triggering the operation guide receiving.

In step 513, after the trigger signal corresponding to the first operation control is acquired, the operation indicated by the operation guidance is executed.

Step 514, sending result feedback information to the server.

And the result feedback information is used for indicating whether each target recommendation item displayed by the recommendation item display interface is accepted or not.

Step 515, the server revises the preset model according to the result feedback information.

In the above method embodiment, the terminal-related step may be implemented separately as a terminal-side defense policy determination method, and the server-related step may be implemented separately as a server-side defense policy determination method.

The following are embodiments of the apparatus of the present invention that may be used to perform embodiments of the method of the present invention. For details which are not disclosed in the embodiments of the apparatus of the present invention, reference is made to the embodiments of the method of the present invention.

Referring to fig. 6, a block diagram of a defense policy determination apparatus according to an embodiment of the present invention is shown. The device has the function of realizing the terminal side in the method example, and the function can be realized by hardware or by hardware executing corresponding software. The apparatus may include: a policy obtaining module 601, a recommendation obtaining module 602, and a recommendation presenting module 603.

The strategy obtaining module 601 is configured to obtain a defense strategy matched with strategy influence information of a terminal from a server, where the strategy influence information includes at least one of device information, environment information, and operation information, the defense strategy includes at least one recommendation item, the defense strategy is determined by the server according to the strategy influence information by using a preset model, and the preset model is obtained by training according to collected safety data.

The recommendation item detection module 602 is configured to, when a trigger signal for triggering display of a recommendation item display interface is acquired, acquire a target recommendation item in the recommendation items, where the target recommendation item is a recommendation item that meets a preset display condition.

A recommendation item presentation module 603, configured to present the target recommendation item on the recommendation item presentation interface.

In an optional embodiment provided based on the embodiment shown in fig. 6, the defense policy further includes priorities corresponding to the recommended items; the recommendation presentation module 603 is configured to:

acquiring the priority corresponding to each target recommendation item;

when the number of the target recommended items is not larger than the preset number, displaying the target recommended items in the recommended item display interface;

when the number of the target recommendation items is larger than the preset number, the target recommendation items with the priorities meeting the preset conditions are determined, and the target recommendation items with the priorities meeting the preset conditions are displayed on the recommendation item display interface.

In another optional embodiment provided based on the embodiment shown in fig. 6, the policy obtaining module 601 is configured to:

receiving a policy acquisition instruction sent by the server, wherein the policy acquisition instruction is used for instructing the terminal to acquire the defense policy from the server;

sending a first policy acquisition request to the server according to the policy acquisition instruction, wherein the first policy acquisition request is used for requesting the defense policy;

and receiving the defense strategy sent by the server according to the first strategy acquisition request.

when a trigger signal for triggering display of a recommended item display interface is acquired, sending a second strategy acquisition request to the server, wherein the second strategy acquisition request is used for requesting the defense strategy;

and receiving the defense strategy sent by the server according to the second strategy acquisition request.

In another optional embodiment provided based on the embodiment shown in fig. 6, the apparatus further comprises: an interface display module and an operation execution module (not shown in the figure).

The interface display module is used for displaying an operation guide interface when an operation instruction corresponding to any one of the target recommended items displayed on the recommended item display interface is acquired, wherein the operation guide interface comprises prompt information and a first operation control, the prompt information is used for prompting whether to accept operation guide, and the first operation control is used for triggering acceptance of the operation guide.

And the operation execution module is used for executing the operation indicated by the operation guidance after acquiring the trigger signal corresponding to the first operation control.

In another optional embodiment provided based on the embodiment shown in fig. 6, the apparatus further comprises: a feedback sending module (not shown in the figure).

And the feedback sending module is used for sending result feedback information to the server, wherein the result feedback information is used for indicating whether each target recommended item displayed on the recommended item display interface is accepted or not, so that the server corrects the preset model according to the result feedback information.

In summary, in the apparatus provided in the embodiment of the present invention, the terminal reports the policy impact information to the server, and the server uses the preset model to formulate the defense policy matched with the terminal according to the policy impact information. In addition, before the recommendation items are displayed, the terminal firstly performs screening according to preset display conditions, so that interference caused by displaying of redundant recommendation items is avoided.

Referring to fig. 7, a block diagram of a defense policy determination apparatus according to an embodiment of the present invention is shown. The device has the function of realizing the server side in the method example, and the function can be realized by hardware or by hardware executing corresponding software. The apparatus may include: an information acquisition module 701, a policy determination module 702, and a policy providing module 703.

An information obtaining module 701, configured to obtain policy impact information of a terminal, where the policy impact information includes at least one of device information, environment information, and operation information;

a policy determining module 702, configured to invoke a preset model to determine a defense policy according to the policy influence information, where the defense policy includes at least one recommended item, and the preset model is obtained by training according to the acquired safety data.

A policy providing module 703, configured to push the defense policy to the terminal, so that the defense policy displays a target recommended item in the recommended items on the terminal in a manner of displaying an interface; the target recommendation item is a recommendation item meeting a preset display condition.

In an optional embodiment provided based on the embodiment shown in fig. 7, the policy providing module 703 is configured to:

sending a policy acquisition instruction to the terminal, wherein the policy acquisition instruction is used for instructing the terminal to acquire the defense policy from the server;

receiving a first policy acquisition request sent by the terminal according to the policy acquisition instruction, wherein the first policy acquisition request is used for requesting the defense policy;

and sending the defense strategy to the terminal according to the first strategy acquisition request.

In another optional embodiment provided based on the embodiment shown in fig. 7, the policy providing module 703 is configured to:

receiving a second policy acquisition request sent by the terminal, wherein the second policy acquisition request is used for requesting the defense policy, and the second policy acquisition request is sent to the server by the terminal after acquiring a trigger signal for triggering display of a recommended item display interface;

and sending the defense strategy to the terminal according to the second strategy acquisition request.

In another alternative embodiment provided based on the embodiment shown in fig. 7, the apparatus further comprises: a feedback receiving module and a model modification module (not shown in the figure).

And the feedback receiving module is used for receiving result feedback information sent by the terminal, and the result feedback information is used for indicating whether to accept each target recommendation item displayed on the recommendation item display interface.

And the model correction module is used for correcting the preset model according to the result feedback information.

Referring to fig. 8, a schematic structural diagram of a terminal according to an embodiment of the present invention is shown. The terminal is used for implementing the defense strategy determination method at the terminal side in the embodiment. Specifically, the method comprises the following steps:

the terminal 800 may include RF (Radio Frequency) circuitry 810, memory 820 including one or more computer-readable storage media, an input unit 830, a display unit 840, a sensor 850, audio circuitry 860, a WiFi (wireless fidelity) module 870, a processor 880 including one or more processing cores, and a power supply 890. Those skilled in the art will appreciate that the terminal structure shown in fig. 8 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. Wherein:

the RF circuit 810 may be used for receiving and transmitting signals during information transmission and reception or during a call, and in particular, for receiving downlink information from a base station and then processing the received downlink information by the one or more processors 880; in addition, data relating to uplink is transmitted to the base station. In general, RF circuit 810 includes, but is not limited to, an antenna, at least one Amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like. In addition, the RF circuit 810 may also communicate with networks and other devices via wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), email, SMS (Short Messaging Service), etc.

The memory 820 may be used to store software programs and modules, and the processor 880 executes various functional applications and data processing by operating the software programs and modules stored in the memory 820. The memory 820 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the terminal 800, and the like. Further, the memory 820 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 820 may also include a memory controller to provide the processor 880 and the input unit 830 access to the memory 820.

The input unit 830 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, the input unit 830 may include a touch-sensitive surface 831 as well as other input devices 832. The touch sensitive surface 831 can be a touchpad, a touch screen. The input unit 830 may include other input devices 832 in addition to the touch-sensitive surface 831. In particular, other input devices 832 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.

The display unit 840 may be used to display information input by or provided to a user and various graphical user interfaces of the terminal 800, which may be made up of graphics, text, icons, video, and any combination thereof. The Display unit 840 may include a Display panel 841, and the Display panel 841 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like, as an option.

The terminal 800 can also include at least one sensor, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 841 according to the brightness of ambient light, and a proximity sensor that may turn off the display panel 841 and/or backlight when the terminal 800 is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when the mobile phone is stationary, and can be used for applications of recognizing the posture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the terminal 800, further description is omitted here.

Audio circuitry 860, speaker 861, microphone 862 may provide an audio interface between a user and terminal 800. The audio circuit 860 can transmit the electrical signal converted from the received audio data to the speaker 861, and the electrical signal is converted into a sound signal by the speaker 861 and output; on the other hand, the microphone 862 converts the collected sound signal into an electric signal, converts the electric signal into audio data after being received by the audio circuit 860, and outputs the audio data to the processor 880 for processing, and then transmits the audio data to, for example, another terminal via the RF circuit 810, or outputs the audio data to the memory 820 for further processing. The audio circuitry 860 may also include an earbud jack to provide communication of a peripheral headset with the terminal 800.

WiFi belongs to short-range wireless transmission technology, and the terminal 800 can help the user send and receive e-mails, browse web pages, access streaming media, etc. through the WiFi module 870, and it provides the user with wireless broadband internet access. Although fig. 8 shows WiFi module 870, it is understood that it does not belong to the essential constitution of terminal 800 and may be omitted entirely as needed within the scope not changing the essence of the invention.

The processor 880 is a control center of the terminal 800, connects various parts of the entire handset using various interfaces and lines, and performs various functions of the terminal 800 and processes data by operating or executing software programs and/or modules stored in the memory 820 and calling data stored in the memory 820, thereby integrally monitoring the handset. Optionally, processor 880 may include one or more processing cores; preferably, the processor 880 may integrate an application processor, which mainly handles operating systems, user interfaces, applications, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 880.

Terminal 800 further includes a power supply 890 (e.g., a battery) for powering the various components, which may be logically coupled to processor 880 via a power management system that may be used to manage charging, discharging, and power consumption. Power supply 890 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.

Although not shown, the terminal 800 may further include a bluetooth module or the like, which is not described in detail herein.

Specifically, in this embodiment, the terminal 800 further includes a memory, and at least one instruction, at least one program, a code set, or an instruction set, where the at least one instruction, the at least one program, the code set, or the instruction set is stored in the memory and configured to be executed by one or more processors, so as to implement the defense policy determination method on the terminal side.

Referring to fig. 9, a block diagram of a server 900 according to another embodiment of the present invention is shown. The server 900 is configured to implement the server-side defense policy determination method provided in the above-described embodiment.

The server 900 includes a Central Processing Unit (CPU)901, a system memory 904 including a Random Access Memory (RAM)902 and a Read Only Memory (ROM)903, and a system bus 905 connecting the system memory 904 and the central processing unit 901. The server 900 also includes a basic input/output system (I/O system) 906, which facilitates the transfer of information between devices within the computer, and a mass storage server 907, which stores an operating system 913, application programs 914, and other program modules 915.

The basic input/output system 906 includes a display 909 for displaying information and an input server 909 such as a mouse, a keyboard, etc., for a user to input information. Wherein the display 909 and the input server 909 are connected to the central processing unit 901 through an input output controller 910 connected to the system bus 905. The basic input/output system 906 may also include an input/output controller 910 for receiving and processing input from a number of other servers, such as a keyboard, mouse, or electronic stylus. Similarly, input-output controller 910 also provides output to a display screen, a printer, or other type of output server.

The mass storage server 907 is connected to the central processing unit 901 through a mass storage controller (not shown) connected to the system bus 905. The mass storage server 907 and its associated computer-readable media provide non-volatile storage for the server 900. That is, the mass storage server 907 may include a computer-readable medium (not shown) such as a hard disk or CD-ROM drive.

Without loss of generality, the computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAM, ROM, EPROM, EEPROM, flash memory or other solid state memory technology, CD-ROM, DVD, or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage servers. Of course, those skilled in the art will appreciate that the computer storage media is not limited to the foregoing. The system memory 904 and mass storage server 907 described above may be collectively referred to as memory.

The server 900 may also operate as a remote computer connected to a network via a network, such as the internet, in accordance with various embodiments of the invention. That is, the server 900 may be connected to the network 912 through the network interface unit 911 coupled to the system bus 905, or the network interface unit 911 may be used to connect to other types of networks or remote computer systems (not shown).

The memory has stored therein at least one instruction, at least one program, set of codes, or set of instructions that is loaded and executed by the processor to implement the server-side defense policy determination method described above.

In an exemplary embodiment, a computer readable storage medium is further provided, in which at least one instruction, at least one program, a code set, or a set of instructions is stored, and the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by a processor of a terminal to implement the defense policy determination method at the terminal side in the above method embodiments.

In an exemplary embodiment, a computer readable storage medium is further provided, in which at least one instruction, at least one program, a set of codes, or a set of instructions is stored, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by a processor of a server to implement the defense policy determination method on the server side in the above method embodiments.

Alternatively, the computer-readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

It should be understood that reference to "a plurality" herein means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. As used herein, the terms "first," "second," and the like, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another.

The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.

The present invention is not limited to the above exemplary embodiments, and any modifications, equivalent replacements, improvements, etc. within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims

1. A defense strategy determination method, the method comprising:

acquiring a defense strategy matched with strategy influence information of a terminal from a server, wherein the strategy influence information comprises at least one of equipment information, environment information and operation information, the defense strategy comprises at least one recommended item, a preset model is called by the server to be determined according to the strategy influence information, the preset model is obtained according to acquired safety data training, and the defense strategy further comprises priorities corresponding to the recommended items;

acquiring the priority corresponding to each target recommendation item;

2. The method of claim 1, wherein the obtaining the defense policy matching the policy impact information of the terminal from the server comprises:

3. The method of claim 1, wherein the obtaining the defense policy matching the policy impact information of the terminal from the server comprises:

4. The method according to any one of claims 1 to 3, wherein after the recommendation item presentation interface presents the target recommendation item with the priority satisfying a preset condition, the method further comprises:

when an operation instruction corresponding to any one target recommended item displayed on the recommended item display interface is acquired, displaying an operation guide interface, wherein the operation guide interface comprises prompt information and a first operation control, the prompt information is used for prompting whether operation guide is received, and the first operation control is used for triggering and receiving the operation guide;

executing the operation indicated by the operation guidance after acquiring the trigger signal corresponding to the first operation control.

5. The method according to any one of claims 1 to 3, wherein after the recommendation item presentation interface presents the target recommendation item with the priority satisfying a preset condition, the method further comprises;

and sending result feedback information to the server, wherein the result feedback information is used for indicating whether to accept each target recommended item displayed on the recommended item display interface or not, so that the server corrects the preset model according to the result feedback information.

6. A defense strategy determination method, the method comprising:

calling a preset model to determine a defense strategy matched with the strategy influence information, wherein the defense strategy comprises at least one recommended item, the preset model is obtained by training according to collected safety data, and the defense strategy also comprises priorities corresponding to the recommended items;

pushing the defense strategy to the terminal; the terminal is used for obtaining priorities corresponding to the target recommendation items, displaying the target recommendation items in a recommendation item display interface when the number of the target recommendation items is not more than a preset number, determining the target recommendation items with the priorities meeting preset conditions when the number of the target recommendation items is more than the preset number, and displaying the target recommendation items with the priorities meeting the preset conditions on the recommendation item display interface; the target recommendation item is a recommendation item meeting a preset display condition.

7. The method of claim 6, wherein the pushing the defense policy to the terminal comprises:

sending a policy acquisition instruction to the terminal, wherein the policy acquisition instruction is used for instructing the terminal to acquire the defense policy from a server;

8. The method of claim 7, wherein the pushing the defense policy to the terminal comprises:

9. The method according to any one of claims 6 to 8, further comprising:

receiving result feedback information sent by the terminal, wherein the result feedback information is used for indicating whether to accept each target recommendation item displayed on the recommendation item display interface;

and correcting the preset model according to the result feedback information.

10. A defense policy determination apparatus, characterized in that the apparatus comprises:

the strategy acquisition module is used for acquiring a defense strategy matched with strategy influence information of a terminal from a server, wherein the strategy influence information comprises at least one of equipment information, environment information and operation information, the defense strategy comprises at least one recommendation item, the defense strategy is determined by calling a preset model by the server according to the strategy influence information, the preset model is obtained by training according to acquired safety data, and the defense strategy also comprises priorities corresponding to the recommendation items;

the recommendation item display module is used for acquiring the priority corresponding to each target recommendation item; when the number of the target recommended items is not larger than the preset number, displaying the target recommended items in the recommended item display interface; when the number of the target recommendation items is larger than the preset number, the target recommendation items with the priorities meeting the preset conditions are determined, and the target recommendation items with the priorities meeting the preset conditions are displayed on the recommendation item display interface.

11. A defense policy determination apparatus, characterized in that the apparatus comprises:

the strategy determining module is used for calling a preset model to determine a defense strategy matched with the strategy influence information, wherein the defense strategy comprises at least one recommended item, the preset model is obtained by training according to collected safety data, and the defense strategy also comprises priorities corresponding to the recommended items;

the strategy providing module is used for pushing the defense strategy to the terminal so that the terminal acquires target recommendation items in the recommendation items and then acquires priorities corresponding to the target recommendation items when acquiring a trigger signal for triggering display of a recommendation item display interface, displays the target recommendation items in the recommendation item display interface when the number of the target recommendation items is not more than a preset number, determines the target recommendation items with priorities meeting preset conditions when the number of the target recommendation items is more than the preset number, and displays the target recommendation items with the priorities meeting the preset conditions on the recommendation item display interface; the target recommendation item is a recommendation item meeting a preset display condition.

12. A terminal, characterized in that the terminal comprises a processor and a memory, in which at least one instruction, at least one program, a set of codes or a set of instructions is stored, which is loaded and executed by the processor to implement the defense policy determination method according to any of the claims 1 to 5.

13. A server, characterized in that the server comprises a processor and a memory, in which at least one instruction, at least one program, a set of codes, or a set of instructions is stored, which is loaded and executed by the processor to implement the defense policy determination method according to any of claims 6 to 9.

14. A computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, which is loaded and executed by a processor to implement the defense policy determination method of any of claims 1 to 5 or the defense policy determination method of any of claims 6 to 9.