CN110071924B - Big data analysis method and system based on terminal - Google Patents


Publication number
CN110071924B
Authority
CN
China
Prior art keywords
application program
terminal
information
authority
server
Prior art date
Legal status
Active
Application number
CN201910336086.8A
Other languages
Chinese (zh)
Other versions
CN110071924A (en)
Inventor
Inventor not disclosed
Current Assignee
Wuhan Wufang Information Service Co., Ltd
Original Assignee
Wuhan Wufang Information Service Co Ltd
Priority date
Filing date
Publication date
Application filed by Wuhan Wufang Information Service Co Ltd
Priority to CN201910336086.8A
Publication of CN110071924A
Application granted
Publication of CN110071924B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data
    • H04W8/245 Transfer of terminal data from a network towards a terminal

Abstract

A terminal-based big data analysis method and system, comprising: searching for an application program and confirming whether it is malicious; determining whether to retry or download; downloading and installing the application program and performing security authentication; determining whether to retain or uninstall the application program; and managing authority when sensitive or private data is operated on and accessed. The method and system use big data and information security technology to perform security detection on an application program at the installation stage, intercept application programs that would harm the terminal, and confirm and block the source of such application programs. To address legal and illegal access by application programs to user privacy information, the privacy information of the terminal is encrypted: for legal access, the privacy information is read under reasonable management that guarantees the preset authority is not exceeded; for illegal access, unreasonable access of the application program to the privacy program is avoided through time settings or authority blocking settings. The safety of downloading, running and data access of application programs on the terminal is thereby guaranteed.

Description

Big data analysis method and system based on terminal
Technical Field
The present invention relates to the field of electrical data processing, and more particularly, to a method and system for analyzing big data based on a terminal.
Background
With the rapid development of information technologies, intelligent mobile terminals and high-speed mobile networks provide users with rich and varied information and resources. Users who rely on these technologies for work, daily life, entertainment and communication need to download a large number of application programs (APPs) through the network, so that the resources or information they require can be presented, downloaded and stored on the intelligent mobile terminal, which facilitates their work and life. Today the application market for intelligent mobile terminals contains a large number of applications with distinct features and friendly user experience, and these applications greatly improve the user experience.
However, the technology is a double-edged sword: it brings benefits but also causes a series of safety problems. For example, networks have become a channel for propagating malicious programs. Once programs downloaded to the local terminal are stored or installed and run there, some of them maliciously modify files on the local terminal, and some cause the system to crash or run slowly. As another example, downloading, installing and running an application may risk revealing personal privacy, including the user's personal identity, financial accounts and financial information, behavioral preferences, health, social status, social records and other private information. The Apple user privacy disclosure incident, for example, involved the company privately recording users' location information each time a location APP was used and uploading it to a back-end database, causing a large-scale disclosure of user privacy. In data mining targeted at a single user, the intersection of a large amount of diversified information can ultimately depict the user's profile accurately, such as age, economic condition, consumption behavior and level, social status and social circle, which raises new privacy risks and ethical safety problems that urgently need to be solved. Installed applications therefore need to be scanned and removed, but scanning and removal in the prior art has the following problems.
When malicious application programs are scanned and removed, a malicious program is generally deleted once detected so that it cannot execute malicious behavior. The source of the malicious program, however, cannot be traced, so the source cannot be thoroughly dealt with or cut off. Moreover, analysis of malicious applications includes both static analysis and dynamic analysis. Static analysis is simple and fast, but requires knowledge of known malicious applications, such as signatures, behavior patterns and permission requests, prior to scanning. Dynamic analysis runs and monitors applications in a closed environment and analyzes their behavioral characteristics, such as file permission changes, process and thread running conditions, system calls and network access. Whether static or dynamic analysis is adopted, the analysis process needs application program information that has been stored and recorded in advance; the analysis efficiency is not ideal, and updating, comparison and accuracy all depend on that previously stored information. Objectively, this analysis technique lacks big data analysis. In addition, malicious newly installed applications often attempt to access the user's private information. Although some applications have legal authority to access the user's private information, such as incoming SMS short messages, the prior art lacks effective file protection for the private data already on the user's terminal and reasonable management of access to the private information.
Disclosure of Invention
One of the objectives of the present invention is to provide a terminal-based big data analysis method and system that use big data and information security technology to perform security detection on an application program at the installation stage, intercept application programs that are harmful to the terminal, and confirm and block the source of such application programs. The privacy information of the terminal is encrypted; for legal access, the privacy information is read under reasonable management that ensures the preset authority is not exceeded, and for illegal access, unreasonable access of the application program to the privacy program is avoided through time settings or authority blocking settings. With this method and system, system safety is achieved on the basis of big data and authority management, and the safety of downloading, running and data access of application programs on the terminal is ultimately ensured.
The technical scheme adopted by the invention to solve the technical problems is as follows. A terminal-based big data analysis method comprises the following steps: the terminal searches for the required application program and sends it to the judgment server to confirm whether it is malicious; based on the judgment server's big-data-based result on whether it is malicious, the terminal determines whether to retry downloading from other resources, to let the user select whether to download, or to download the application program directly; the terminal downloads and installs the application program, extracts information and sends the information to the judgment server for security authentication; the terminal determines, based on the security authentication of the judgment server, whether to retain the application program in the terminal or uninstall it; and after the terminal determines to retain the application program, authority management is carried out to enable or disable the application program when it subsequently runs and accesses sensitive or private data on the terminal.
In one embodiment, the method further comprises the steps of:
Step S1: the terminal searches for the required application program via a wireless network and obtains the name and/or IP information of a resource server containing the application program.
Step S2: the terminal sends the name and/or IP information of the resource server to the judgment server to confirm whether it is malicious.
Step S3: the terminal performs a corresponding operation according to the judgment server's big-data-based confirmation of whether it is malicious. If malicious, the terminal blocks the communication link with the resource server, continues to try the other resource servers acquired in step S1, and performs steps S2 and S3 in sequence until the judgment server confirms non-malicious or the number of attempts reaches a number preset by the user. If not malicious, either the user selects whether to download the application program or it is downloaded directly.
Step S4: after downloading, the terminal installs the application program, extracts its information, signs the application program, and sends the extracted information to the judgment server for security authentication.
Step S5: the terminal determines whether to retain the application program in the terminal or uninstall it according to the judgment server's big-data-based security authentication result. When the application program is retained, a unique authority is given to it; when it is uninstalled, information about the application program is sent to the judgment server to update the database used for big data analysis, judgment and confirmation.
Step S6: when the application program is executed on the terminal, its operating parameters are obtained and analyzed.
Step S7: based on the result of the analysis, the terminal further determines whether to retain the application program in the terminal or uninstall it, and sends the information of the application program to the judgment server to update the database used for big data analysis, judgment and confirmation.
Step S8: when the application program requests access to user privacy data on the terminal, the terminal confirms the access authority according to the authority configuration table and executes the corresponding operation.
Step S9: when a new instant messaging message arrives at the terminal and the application program requests access, the terminal enables or disables the application program's access based on the access setting.
In one embodiment, step S1 further includes searching in one of the following ways: entering the name of the desired application program directly in a browser installed on the terminal and searching through a search engine; or, in the current non-browser application, the user long-presses the screen with a finger, an option for selecting text appears on the screen, the user selects and highlights all or part of the application program's name and clicks the search button that appears after selection, one or more browser icons appear for selection, and the search is performed after the corresponding browser icon is selected; or, in the current non-browser application, the user selects a search icon in that application so that an input box appears on the screen, and after the desired application program name is entered, the non-browser application either directly calls a default third-party browser to search or presents one or more browser icons for selection and searches after the corresponding browser icon is selected; or, in an instant messaging application with an embedded browser, the embedded browser is invoked to search, either after the user long-presses the screen, selects and highlights all or part of the application program's name from the text selection option and clicks the search button that appears, or after the user selects a search icon so that an input box appears on the screen and enters the desired application program name. After the desired application program has been searched for via the wireless network, a name and/or an IP address identifying a resource server containing the application program is acquired from the result.
In one embodiment, step S2 further includes: the terminal selects either or both of the name and IP information of the resource server, packs the selection into a packet to be transmitted in a fixed packet transmission format, sets the header of the packet to a request attribute, terminates the packet with a fixed terminator after the selected resource server information so that the judgment server can recognize it, and then sends the packet to the judgment server through a wireless link for confirmation of whether it is malicious.
In one embodiment, step S3 further includes: the judgment server contains a database for big data analysis, confirmation and judgment. The database stores security attribute information for terminal application programs, namely malicious, safe and undetermined. The security attribute information is updated over time, by any of several means such as user upload or information center notification. The judgment server receives the packet transmitted by the terminal, extracts either or both of the name and IP information of the resource server from the packet according to a preset packet splitting rule, and inputs them into the internal database for information matching. When a match for safe or malicious is found, or no match is found, the resulting definite or undetermined security attribute information is packed into a packet and transmitted to the terminal through the wireless link. The terminal receives and splits the packet and extracts the security attribute information in it. If the result is malicious, the terminal blocks the communication link with the resource server, continues to try the other resource servers obtained in step S1, and executes steps S2 and S3 in sequence until the judgment server confirms non-malicious or the number of attempts reaches the number preset by the user. If the result is not malicious, either the user selects whether to download the application program or it is downloaded directly: if it is safe, the application program is downloaded directly; if it is pending, the user selects whether to download the application program. If the user downloads it, the subsequent steps are carried out; if not, the user chooses whether to exit the method directly or to continue trying the other resource servers acquired in step S1, executing steps S2 and S3 in sequence until the judgment server confirms a security attribute that meets the user's expectation or the number of attempts reaches the number preset by the user.
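The S2/S3 exchange described above can be sketched as follows. This is an added example, not code from the patent: the wire format (`REQ;` header, `;END\n` terminator), the rule that a malicious match on either field wins, the choice to continue after a declined pending result, and all server names and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple

# Assumed wire format: the patent only requires a fixed format, a header
# marking the packet as a request, and a fixed terminator.
HEADER = b"REQ;"
TERMINATOR = b";END\n"


class Verdict(Enum):
    MALICIOUS = "malicious"
    SAFE = "safe"
    UNDETERMINED = "undetermined"


def build_request(name: str = "", ip: str = "") -> bytes:
    """Terminal side of S2: pack the server name and/or IP into one packet."""
    if not (name or ip):
        raise ValueError("need a server name, an IP, or both")
    if any(c in value for value in (name, ip) for c in ";=\n"):
        raise ValueError("field contains a reserved character")
    return HEADER + f"name={name};ip={ip}".encode("utf-8") + TERMINATOR


def parse_request(packet: bytes) -> Tuple[str, str]:
    """Server side: split the packet, rejecting anything malformed."""
    if not (packet.startswith(HEADER) and packet.endswith(TERMINATOR)):
        raise ValueError("bad header or missing terminator")
    body = packet[len(HEADER):-len(TERMINATOR)].decode("utf-8")
    fields = dict(part.split("=", 1) for part in body.split(";"))
    if set(fields) != {"name", "ip"}:
        raise ValueError("unexpected fields")
    return fields["name"], fields["ip"]


def judge(packet: bytes, reputation: Dict[str, Verdict]) -> Verdict:
    """Match name and IP against the database; no match means undetermined."""
    name, ip = parse_request(packet)
    hits = {reputation[key] for key in (name, ip) if key and key in reputation}
    if Verdict.MALICIOUS in hits:      # assumption: one bad indicator is enough
        return Verdict.MALICIOUS
    if Verdict.SAFE in hits:
        return Verdict.SAFE
    return Verdict.UNDETERMINED


@dataclass
class Outcome:
    chosen: Optional[str]              # server the terminal may download from
    attempts: int
    blocked: List[str] = field(default_factory=list)


def vet_sources(candidates: List[Tuple[str, str]],
                reputation: Dict[str, Verdict],
                max_attempts: int,
                user_accepts_pending: Callable[[str], bool]) -> Outcome:
    """Terminal side of S3: try servers until one is acceptable or the
    user's preset attempt count is reached."""
    out = Outcome(chosen=None, attempts=0)
    for name, ip in candidates:
        if out.attempts >= max_attempts:
            break
        out.attempts += 1
        verdict = judge(build_request(name, ip), reputation)
        if verdict is Verdict.MALICIOUS:
            out.blocked.append(name)   # block the link, move to next server
            continue
        if verdict is Verdict.SAFE or user_accepts_pending(name):
            out.chosen = name
            return out
        # Pending and declined: this sketch continues with the next server.
    return out


# Constructed sample data (documentation address ranges, made-up hosts).
REPUTATION = {
    "mirror-a.example": Verdict.MALICIOUS,
    "203.0.113.7": Verdict.MALICIOUS,
    "store.example": Verdict.SAFE,
}
CANDIDATES = [
    ("mirror-a.example", "198.51.100.5"),
    ("mirror-b.example", "203.0.113.7"),   # clean name, bad IP
    ("mirror-c.example", "192.0.2.9"),     # unknown to the database
    ("store.example", "192.0.2.10"),
]

if __name__ == "__main__":
    print(vet_sources(CANDIDATES, REPUTATION, 5, lambda name: False))
```
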
In one embodiment, step S4 further includes the following, within the step in which the terminal, after downloading, installs the application program, extracts its information, signs it, and sends the extracted information to the judgment server for security authentication. In the process of installing the application program, the terminal changes the file suffix of the application program so that it can be decompressed, obtaining a first file contained in it that was produced by compiling and tool packaging; obtains a transformation tool, copies the class file including the class name to a first directory position, and generates the packet data of the application program through a class conversion command at the first directory position; acquires the called functions by traversing the database functions of the packet data, and determines the behavior attribute of each called function from its behavior information, wherein the behavior information comprises access behavior information, process creation behavior information, registry operation behavior information, behavior information for requesting the identifiers and authorities of other application programs, installation behavior information, compression and packaging behavior information, and mobile data transmission behavior information, and the behavior attribute indicates whether it is malicious; and determines the behavior execution path of the called function according to the behavior attribute, records the execution path as part of the extracted information, and uploads it to the judgment server in the subsequent steps, where part or all of the execution path is analyzed together with path big data, based on bytecode, so as to perform security authentication.
In the process of signing the application program, the terminal acquires all files in the application program from the decompressed application program; calculates summary (digest) information of the files of a first type using a secure hash algorithm, encodes the summary information, and stores the encoded value in a first file of a second type different from the first type; generates a set of signature information using the summary information and private key information previously stored in the first file of the second type; stores the signature information and a public key at a first position in a second file of the second type, different from the first file; and stores the signature information and the public key at a second position in the second file, wherein the first type and the second type relate to files of different directory types.
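The digest, encode and store steps of the signing process above, together with the check a verifier would run, can be sketched as follows. This is an added example, not code from the patent: SHA-256, base64, the manifest name `META-INF/DIGESTS.TXT`, the tab-separated layout and the sample files are assumptions, and the private-key signature over the manifest is left out because it needs an asymmetric-crypto library.

```python
import base64
import hashlib
import io
import zipfile

MANIFEST = "META-INF/DIGESTS.TXT"   # hypothetical manifest name


def entry_digest(data: bytes) -> str:
    """Secure hash of one file, then the 'encode' step (base64 here)."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def make_manifest(files: dict) -> str:
    """One 'name<TAB>digest' line per packaged file."""
    lines = []
    for name in sorted(files):
        if "\t" in name or "\n" in name:
            raise ValueError(f"unsafe entry name: {name!r}")
        lines.append(f"{name}\t{entry_digest(files[name])}\n")
    return "".join(lines)


def write_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


def pack(files: dict) -> bytes:
    """Package the files plus a manifest of their encoded digests."""
    entries = dict(files)
    entries[MANIFEST] = make_manifest(files).encode("utf-8")
    return write_zip(entries)


def verify(package: bytes) -> list:
    """Return findings; an empty list means every entry matches the manifest.

    Without the signature step the manifest itself is unauthenticated: anyone
    who can rewrite the package can rewrite the manifest too. That gap is
    what the private-key signature over the digests closes.
    """
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        names = [info.filename for info in z.infolist()]
        if len(names) != len(set(names)):
            # Two entries with one name can be read differently by
            # different unzip implementations, so refuse outright.
            return ["duplicate entry names"]
        if MANIFEST not in names:
            return ["no manifest"]
        expected = {}
        for line in z.read(MANIFEST).decode("utf-8").splitlines():
            name, _, digest = line.partition("\t")
            expected[name] = digest
        actual = {n: entry_digest(z.read(n)) for n in names if n != MANIFEST}

    findings = []
    for name in sorted(set(expected) | set(actual)):
        if name not in actual:
            findings.append(f"missing: {name}")
        elif name not in expected:
            findings.append(f"unlisted: {name}")
        elif expected[name] != actual[name]:
            findings.append(f"modified: {name}")
    return findings


# Constructed sample package contents.
SAMPLE_FILES = {
    "code/classes.bin": b"constructed bytecode",
    "config.xml": b"<config/>",
    "res/layout.xml": b"<layout/>",
}


def tampered_copy(package: bytes) -> bytes:
    """Repackage with one file changed, one removed and one added,
    keeping the original manifest (constructed test input)."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        entries = {n: z.read(n) for n in z.namelist()}
    entries["code/classes.bin"] = b"patched bytecode"
    del entries["res/layout.xml"]
    entries["lib/extra.bin"] = b"added after packaging"
    return write_zip(entries)


if __name__ == "__main__":
    good = pack(SAMPLE_FILES)
    print(verify(good))
    print(verify(tampered_copy(good)))
```
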
In one embodiment, in step S4, extracting information further includes extracting the other part of the information, namely: renaming the file of the application program to a file with a compressed-package suffix, decompressing it to obtain a first configuration file, and converting the first configuration file into a workable text format using first open source software; decompiling a binary source code file in the decompressed result using second open source software; restoring the binary source code file using third open source software to obtain the source code of the application program's files; scanning that source code with a matching algorithm, counting specified keywords, acquiring the number of the specified keywords and their corresponding positions in the class files, storing these in a matrix, and calculating the similarity distance between every two keywords based on a distance algorithm; classifying the keywords based on the similarity distance, taking each keyword in the matrix as a root node, gathering the keywords with high similarity to each node, comparing the gathered keywords with the stored matrix of keyword positions, removing keywords belonging to different categories, and further classifying and storing the keywords; comparing the features of safe application programs stored in the feature database in the terminal with the classified and stored features, and removing the safe features contained in the application program's features, so as to avoid increasing the information processing volume, processing time and power consumption and wasting the terminal's limited processing resources; and sending the classified and stored data, with those features removed, to the judgment server for security authentication as the other part of the extracted information, along with the other information.
In one embodiment, step S5 further includes: the terminal receives the judgment server's big-data-based security authentication result and further determines, based on the result, whether it is malicious; uninstalls the application program when malicious; retains the application program in the terminal when safe; and, when pending, displays risk prompt information to the user on the display screen so that the user knows the security attribute and can select uninstalling or retaining. When the application program is retained, it is given authority, wherein the authority comprises a storage authority, a photographing authority, a microphone use authority, a recording authority, a terminal sensor calling authority, an authority for reading and sending short messages, a telephone dialing authority, an authority for identifying the number of the SIM card installed in the terminal, an authority for reading the address book, an authority for reading user motion data, an authority for enabling a mobile operator communication network connection, a wireless fidelity connection authority, an authority for reading other application programs, and an authority for reading the communication records of instant messaging software, and each authority is set to enabled or disabled. When it is determined to uninstall, information about the application program is sent to the judgment server to update the database for big data analysis, judgment and confirmation in the judgment server.
In one embodiment, in step S6, obtaining and analyzing the operating parameters of the application program when it is executed on the terminal comprises: executing the application program and obtaining behavior parameters during its operation, the behavior parameters including system API, changes in file permissions, process and thread operation data, call data, network access request data, and transmitted network data; recording the behavior parameters in a log file; monitoring creation operations of portable execution files in the application program, determining their creation subjects, and establishing a correspondence between the portable execution files and their creation subjects in the terminal memory; running a simulation tool to simulate the operation of an end user so as to obtain log file records and network data packet file records; after the simulation tool has finished running and, with the lapse of time, the network link has been turned on and data communication has finished, storing the log file records and the network data packet file records in a first storage location; and analyzing the log file records and the network data packet file records, wherein quantitative characteristic records are extracted from the log file records and the network data packet file records by feature extraction, converted, and stored in a second storage location.
In one embodiment, in step S7, further determining whether to retain the application program in the terminal or uninstall it based on the result of the analysis, and sending the information of the application program to the judgment server to update the database for big data analysis, judgment and confirmation, further comprises: based on the first part of the analysis result, the terminal retains the application program when it is a safe application program and uninstalls it when it is malicious, and sends information about the application program, comprising the first part and the second part of the analysis result, to the judgment server to update the database for big data analysis, judgment and confirmation, wherein the second part of the analysis result further comprises a supplementary part of malicious identification information that marks the relevant information of the creation subject, for use in identifying malicious identification information that may affect the terminal.
In one embodiment, in step S7, after the above steps are performed, the following operations are further performed: after the application program is uninstalled, a monitoring program is activated when the terminal starts network communication. The monitoring program intercepts data transmitted and received through the network in real time, and the destination of transmitted data and/or the source of received data is feature-matched against previously determined malicious sources. When the matching criterion is met, the result is displayed to the user; the position of the data to be transmitted and the name and position of the entity calling the data are analyzed; targeted removal is carried out on the name and position of the entity calling the data; and the result of whether the removal succeeded is then displayed. If the removal is unsuccessful, the removal operation is repeated and the removal process is displayed to the user until the preset requirement is met.
In one embodiment, while the position of the data to be sent is analyzed, the data to be sent is also analyzed to determine whether it contains the user's account number, contacts, verification code or contact details; if such information is present, the risk is prompted to the user.
In one embodiment, in step S8, the terminal confirming the access right according to the right configuration table and performing the corresponding operation when the application program requests access to user privacy data on the terminal further includes: when the application program requests access to user privacy data on the terminal, it sends an access request to the processor of the terminal; the processor sends the application identifier to the rights management module, which determines the access rights of the application program according to the right configuration table in the rights management module; when the application program has access rights to one or more of the plurality of private data items, the processor determines whether the access requested by the application program to the user privacy data on the terminal conforms to the access rights determined by the right configuration table; if it does, a corresponding interpretation engine is allocated to the application program and the processor issues a jump instruction; after the jump instruction is executed, the application program is guided to the entrance of the interpretation engine, so that the interpretation engine interprets the requested user privacy data on the terminal and sends the interpreted user privacy data to the application program.
In one embodiment, the user privacy data is data that has been converted to secure user information, so that it is not stored in the terminal in plain form where it could be captured by malicious code, files or software attacks and cause irreparable loss to the user. The user privacy data is first converted from the code form of the primitive function into bytecode that can only be interpreted by the interpretation engine of the terminal, cannot be effectively split and broken by third-party software, and has no apparent meaning. The bytecode is interpreted by the interpretation engine in the form of fragments whose length is defined by the interpretation engine; between fragments, at the end of the preceding fragment, there is a separator in bytecode form of limited data length that represents the interval and is recognizable by the interpretation engine. A jump instruction is set for the bytecode and stored in a register, and the user privacy data represented in the code form of the original function is erased at the same time. When an application program requests access to user privacy data on the terminal, if the processor determines that the access requested by the application program to the user privacy data on the terminal conforms to the access rights determined by the right configuration table, the processor calls and issues the jump instruction and, after executing it, guides the application program to the entrance of the interpretation engine, so that the interpretation engine interprets the requested user privacy data on the terminal and sends the interpreted user privacy data to the application program.
In one embodiment, in step S9, when a new instant messaging message is incoming to the terminal and the application requests access, the enabling or disabling of access to the application by the terminal based on the access setting further comprises: when a new instant communication message is transmitted to the terminal, the terminal receives the newly transmitted instant communication message, a message analysis module of the terminal analyzes the secret-related information contained in the message, the message analysis module of the terminal judges whether the transmitted instant communication message contains the information of the combination of any one or more of a user password, an account and a verification code and the valid time, and when the transmitted instant communication message contains the information of the combination of any one or more of the user password, the account and the verification code and the valid time, the newly transmitted instant communication message is stored in a private repository of the terminal, otherwise, the newly transmitted instant communication message is stored in a conventional repository of the terminal; when information containing any one or more of these in combination with the validity time and when an installed application attempts to access the incoming instant messaging message, the rights management module verifies whether the application has access rights to the incoming instant messaging message, (i) if not, the rights management module notifies the terminal's private store not to send the new incoming instant messaging message to the application, and (ii) if so, the rights management module sends an application's read request for a message in the private store to the private store, and the rights management module notifies the terminal's message analysis module to determine whether the current time period is in the stored valid read period for the new incoming instant messaging message, and when in the 
stored valid read period for the new incoming instant messaging message, the new incoming instant messaging message stored therein is sent by the private store to the application, otherwise, when the user is not in the effective reading period of the newly-transmitted instant messaging message, namely in the reading prohibition period of the newly-transmitted instant messaging message, the privacy repository refuses to send the newly-transmitted instant messaging message stored in the privacy repository to the application program until the reading prohibition period is removed, and at the moment, even if the application program tries to read the private information successfully, the application program exceeds the accessible effective reading period of the newly-transmitted instant messaging message along with the passing of time, so that even if the application program reads the private information, the application program cannot attack the terminal due to the passing of the effective period, and the stealing and the leakage of the private information of the terminal by a malicious application program are greatly reduced; and when storing the new incoming instant messenger message into the regular repository of the terminal and when the installed application attempts to access the incoming instant messenger message, the rights management module verifies whether the application has access rights to the incoming instant messenger message, (i) if not, the rights management module notifies the regular repository of the terminal not to send the new incoming instant messenger message to the application, and (ii) if having access rights, the rights management module sends a read request of the application for the message in the regular repository to the regular repository and the new incoming instant messenger message stored therein is sent by the regular repository to the application.
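The step S9 routing and release decision, as an added example that is not code from the patent. The keyword patterns, the app identifiers and the choice to open the valid read period only once the secret's stated validity time has lapsed are assumptions; the page does not define them.

```python
import re
from dataclasses import dataclass

# Constructed detection rules: the page names passwords, accounts and
# verification codes combined with a valid time, but gives no patterns.
SECRET_RE = re.compile(r"(?i)\b(password|account|verification code)\b")
VALIDITY_RE = re.compile(r"(?i)valid for (\d+) minutes?")


@dataclass
class StoredMessage:
    body: str
    read_from: float  # start of the valid read period, epoch seconds


class Terminal:
    """Message analysis module, rights management module and both repositories."""

    def __init__(self, rights_table):
        # rights_table: app identifier -> may read instant messages (bool)
        self.rights_table = dict(rights_table)
        self.private_repo = {}
        self.regular_repo = {}

    def receive(self, msg_id, body, now):
        """Route an incoming message; return the repository that stored it."""
        validity = VALIDITY_RE.search(body)
        if SECRET_RE.search(body) and validity:
            # Assumption: reads stay prohibited while the secret is still usable.
            lifetime = int(validity.group(1)) * 60
            self.private_repo[msg_id] = StoredMessage(body, now + lifetime)
            return "private"
        self.regular_repo[msg_id] = StoredMessage(body, now)
        return "regular"

    def read(self, app_id, msg_id, now):
        """Return (decision, body); body is None unless the message is released."""
        # Default deny: an app missing from the table has no access right.
        if not self.rights_table.get(app_id, False):
            return ("denied_no_right", None)
        if msg_id in self.regular_repo:
            return ("released", self.regular_repo[msg_id].body)
        msg = self.private_repo.get(msg_id)
        if msg is None:
            return ("not_found", None)
        if now < msg.read_from:
            # Inside the reading prohibition period: the private repository refuses.
            return ("denied_read_prohibited", None)
        return ("released", msg.body)


def demo():
    """Run a constructed scenario; return (routes, decisions) in order."""
    t0 = 1000.0
    term = Terminal({"com.example.bank": True, "com.example.flashlight": False})
    routes = [
        term.receive(1, "Your verification code is 482913, valid for 5 minutes.", t0),
        term.receive(2, "Lunch at noon?", t0),
    ]
    decisions = [
        term.read("com.example.flashlight", 1, t0 + 10)[0],  # no access right
        term.read("com.example.bank", 1, t0 + 10)[0],        # still prohibited
        term.read("com.example.bank", 1, t0 + 300)[0],       # read period open
        term.read("com.example.bank", 2, t0 + 10)[0],        # regular repository
    ]
    return routes, decisions


if __name__ == "__main__":
    print(demo())
```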
In one embodiment, a terminal-based big data analysis system is disclosed, comprising a terminal and a decision server, wherein the terminal comprises a processor, a rights management module, an interpretation engine, a message analysis module, a private repository and a conventional repository; a database for big data analysis, confirmation and judgment is arranged in the decision server; and the terminal-based big data analysis system is used for executing the terminal-based big data analysis method.
Drawings
Embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
Fig. 1 illustrates a brief flowchart of a terminal-based big data analysis method according to an exemplary embodiment of the present invention.
Fig. 2 illustrates a flowchart of a specific implementation of a terminal-based big data analysis method of fig. 1, according to an exemplary embodiment of the present invention.
Fig. 3 illustrates a terminal-based big data analysis system according to an exemplary embodiment of the present invention.
Detailed Description
Before proceeding with the following detailed description, it may be advantageous to set forth definitions of certain words and phrases used throughout this patent document: the terms "include" and "comprise," as well as derivatives thereof, mean inclusion without limitation; the term "or" is inclusive, meaning and/or; the phrases "associated with" and "associated therewith," as well as derivatives thereof, may mean to include, be included within, interconnect with, contain, be contained within, be connected to or with, be coupled to or with, be communicable with, cooperate with, interleave, juxtapose, be proximate to, be bound to or with, have a property of, etc.; and the term "controller" means any device, system or component thereof that controls at least one operation; such a device may be implemented in hardware, firmware or software, or some combination of at least two of the same. It should be noted that the functionality associated with any particular controller may be centralized or distributed, whether locally or remotely. Definitions for certain words and phrases are provided throughout this patent document, and those skilled in the art will understand that in many, if not most, instances such definitions apply to prior as well as future uses of such defined words and phrases.
In the following description, reference is made to the accompanying drawings that show, by way of illustration, several specific embodiments. It will be understood that: other embodiments are contemplated and may be made without departing from the scope or spirit of the present disclosure. The following detailed description is, therefore, not to be taken in a limiting sense.
Fig. 1 illustrates a brief flowchart of a terminal-based big data analysis method according to an exemplary embodiment of the present invention. The method comprises the following steps:
(A) the terminal searches for the required application program and sends the application program to the judgment server to confirm whether the application program is malicious or not;
(B) based on the judgment server's result, obtained from the big data, as to whether the application program is malicious, the terminal determines whether to retry downloading from other resources, or whether the user selects whether to download the application program or the application program is downloaded directly;
(C) the terminal downloads and installs the application program, extracts information and sends the information to the judgment server for security authentication;
(D) the terminal determines whether to reserve the application program in the terminal or uninstall the application program based on the security authentication of the decision server; and
(E) after the terminal determines to retain the application program, the authority management is carried out to enable or disable the application program when the subsequent application program runs and accesses sensitive or private data on the terminal.
Fig. 2 illustrates a flowchart of a specific implementation of a terminal-based big data analysis method of fig. 1, according to an exemplary embodiment of the present invention. The method further comprises the steps of:
step S1, the terminal searches the needed application program via wireless network and obtains the name and/or IP information of the resource server containing the application program;
step S2, the terminal sends the name and/or IP information of the resource server to the judgment server to confirm whether the server is malicious or not;
step S3, the terminal performs a corresponding operation according to the judgment server's big-data-based result as to whether the resource server is malicious: if malicious, the terminal blocks the communication link with the resource server, continues to try the other resource servers acquired in step S1, and performs steps S2 and S3 in sequence until the judgment server confirms a non-malicious result or the number of attempts reaches a user-preset number; if not malicious, the user selects whether to download the application program, or the application program is downloaded directly;
step S4, after downloading, the terminal installs the application program and extracts its information, signs the application program, and sends the extracted information to the judgment server for security authentication;
step S5, the terminal determines whether to keep the application program in the terminal or uninstall the application program according to the security authentication result of the judgment server based on the big data; when the application program is reserved, giving a unique authority to the application program, and when the application program is uninstalled, sending information of the application program to a judgment server to update a database for big data analysis, judgment and confirmation;
step S6, when the application program is executed on the terminal, the operation parameter is obtained and analyzed;
step S7, further determining whether to keep the application program in the terminal or uninstall the application program based on the result of the analysis, and sending the information of the application program to the decision server to update the database for big data analysis, decision and confirmation;
step S8, when the application program requests to access the user privacy data on the terminal, the terminal confirms the access authority according to the authority configuration table and executes the corresponding operation;
step S9, when a new instant messaging message arrives at the terminal and the application program requests access to it, the terminal enables or disables the application program's access based on the access setting.
With this terminal-based big data analysis method, big data and information security techniques are used to perform security detection on the application program at the installation stage, intercept application programs harmful to the terminal, and identify and block their source. For the application program's legitimate or illegitimate access to the user's private information on the terminal, the private information is read under reasonable management so that reads do not exceed the preset authority, or unreasonable access by the application program to private information is prevented through settings; system security is thus achieved on the basis of big data and authority management.
Preferably, the step S1 further includes: searching through a search engine by inputting a name of a desired application directly via a browser installed at a terminal; or in the current non-browser application, a user presses the screen for a long time by fingers, an option for selecting characters appears on the screen, the user selects and highlights all or part of the names of the application programs, clicks a search button appearing on the screen after selection, clicks the search button to appear one or more selection icons of the browser for selection, and searches after selecting the corresponding browser icon; or in the current non-browser application, an input box appears on a screen by selecting a search icon in the non-browser application, and after a desired application program name is input, the non-browser application directly calls a default third-party browser to search, or one or more selection icons of the browser appear for selection and search is performed after the corresponding browser icon is selected; or in an instant messaging application embedded with a browser, the embedded browser is invoked for searching either by the user long-pressing the screen with a finger and presenting on the screen an option to select text, by selecting and highlighting all or part of the application's name and clicking a search button presented on the screen after selection, or by presenting an input box on the screen by selecting a search icon in the non-browser application, and by entering the desired application name. After searching for a desired application via a wireless network, a name and/or an IP address for identifying a resource server containing the application is acquired according to the result.
Preferably, the step S2 further includes: the terminal selects any one or two of the name and/or IP information of the resource server, packages the selected resource server in a packet to be transmitted in a fixed packet transmission format, sets the header of the packet as a request attribute, terminates the packet after the selected resource server is identified by a fixed terminator so as to facilitate the identification of the judgment server, and then sends the packet to the judgment server through a wireless link for confirmation of maliciousness or not.
Preferably, the step S3 further includes: the judgment server is internally provided with a database for big data analysis, confirmation and judgment, the database stores security attribute information of the application program of the terminal, including malicious, security and undetermined, the security attribute information is updated along with the lapse of time, and the updating mode is carried out through any one of modes of user uploading, information center notification and the like; the method comprises the steps that a judgment server receives a packet transmitted by a terminal, extracts any one or both of the name and/or IP information of a resource server in the packet based on a preset packet splitting rule, inputs the name and/or the IP information into an internally arranged database for information matching, packages the results of definite and undetermined security attribute information when a matching item conforming to security or maliciousness and no matching are confirmed to be detected, and transmits the results to the terminal through a wireless link; the terminal receives the packet and splits the packet, extracts the security attribute information in the packet, if the packet is malicious, blocks the communication link with the resource server, and continues to try the other resource servers obtained in the step S1 and sequentially executes the steps S2 and S3 until the judgment server confirms that the packet is not malicious or the number of attempts reaches the preset number of users; if it is safe, the user selects whether to download the application: if the application program is safe, the user selects whether to download or directly download the application program, wherein if the application program is safe, the application program is directly downloaded, if the application program is pending, the user selects whether to download the application program, if the application program is downloaded, the subsequent steps are carried out, 
if the application program is not downloaded, whether to directly exit the method or to continuously try the other resource servers acquired in the step S1, and the steps S2 and S3 are sequentially executed until the server is determined to confirm that the safety attribute which is expected by the user is met or the number of the try times reaches the preset number of the user.
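The S2/S3 exchange described above, as an added example that is not code from the patent. The byte-level framing (header values, `|` separator, `0x03` terminator), the rule for combining name and IP verdicts, and all host names and addresses are assumptions, since the page only says the packet has a request-attribute header and a fixed terminator.

```python
REQUEST_HEADER = b"REQ"   # assumed encoding of the "request attribute" header
RESPONSE_HEADER = b"RSP"  # assumed
SEP = b"|"                # assumed field separator
TERMINATOR = b"\x03"      # assumed fixed terminator


def pack_request(name=None, ip=None):
    """Terminal side: frame the resource server's name and/or IP."""
    fields = []
    for key, value in ((b"N", name), (b"I", ip)):
        if value:
            raw = value.encode("ascii")
            # Reject values that could break the framing on the server side.
            if SEP in raw or TERMINATOR in raw:
                raise ValueError("illegal byte in field")
            fields.append(key + b"=" + raw)
    if not fields:
        raise ValueError("name or IP required")
    return REQUEST_HEADER + SEP + SEP.join(fields) + TERMINATOR


def split_packet(packet, header):
    """Apply the splitting rule; raise ValueError on any malformed packet."""
    if not packet.startswith(header + SEP) or not packet.endswith(TERMINATOR):
        raise ValueError("malformed packet")
    body = packet[len(header) + 1:-len(TERMINATOR)]
    if TERMINATOR in body:
        raise ValueError("terminator inside body")
    return dict(field.split(b"=", 1) for field in body.split(SEP))


class DecisionServer:
    def __init__(self, database):
        self.database = database  # identifier -> "malicious" | "safe"

    def handle(self, packet):
        fields = split_packet(packet, REQUEST_HEADER)
        found = [self.database.get(v.decode(), "undetermined")
                 for v in fields.values()]
        # Assumed combination rule: any malicious match wins; safe only if
        # every submitted identifier matched a safe entry.
        if "malicious" in found:
            verdict = "malicious"
        elif all(v == "safe" for v in found):
            verdict = "safe"
        else:
            verdict = "undetermined"
        return RESPONSE_HEADER + SEP + b"V=" + verdict.encode() + TERMINATOR


def choose_server(candidates, server, max_attempts, user_accepts_pending):
    """Terminal side of S3: return (chosen server name or None, blocked names)."""
    blocked = []
    for name, ip in candidates[:max_attempts]:
        reply = server.handle(pack_request(name, ip))
        verdict = split_packet(reply, RESPONSE_HEADER)[b"V"].decode()
        if verdict == "malicious":
            blocked.append(name)  # block the link, try the next server
        elif verdict == "safe" or user_accepts_pending(name):
            return name, blocked
    return None, blocked


# Constructed sample data (documentation domains and address ranges).
SAMPLE_DB = {
    "mirror-a.example": "malicious", "203.0.113.7": "malicious",
    "store.example": "safe", "198.51.100.20": "safe",
}
SAMPLE_CANDIDATES = [
    ("mirror-a.example", "203.0.113.7"),
    ("unknown.example", "192.0.2.9"),
    ("store.example", "198.51.100.20"),
]

if __name__ == "__main__":
    srv = DecisionServer(SAMPLE_DB)
    print(choose_server(SAMPLE_CANDIDATES, srv, 3, lambda name: False))
```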
Preferably, the step S4 further includes: in the step that the terminal installs the application program and extracts the information of the application program after downloading, signs the application program, and sends the extracted information to the judgment server for security authentication, wherein in the process of installing the application program, the terminal changes the file suffix name of the application program to decompress the file suffix name so as to obtain a first file which is included in the file and is formed by compiling and tool packaging, obtains a transformation tool to copy the class file including the class name to a first directory position, and generates packet data in the application program through a class conversion command at the first directory position; acquiring a called function by traversing a database function of the grouped data, and determining the behavior attribute of the called function by the behavior information of the called function, wherein the behavior information comprises access behavior information, creation process behavior information, operation registry behavior information, behavior information for applying for calling identifiers and authorities of other application programs, installation behavior information, compression packaging behavior information and mobile data transmission behavior information, and the behavior attribute comprises maliciousness or not; and determining a behavior execution path of the called function according to the behavior attribute, recording the execution path as a part of the extracted information, uploading the execution path to the judgment server in the subsequent steps, and analyzing part or all of the execution path and path big data based on byte codes in the judgment server so as to perform security authentication. 
During the process of signature processing of the application program by the terminal, acquiring all files in the application program based on the decompressed application program; the method comprises the steps of calculating summary information of a file of a first type by using a secure hash algorithm, encoding the summary information, storing an encoded value into a first file of a second type different from the first type, generating a set of signature information by using the summary information and private key information previously stored in the first file of the second type, storing the signature information and a public key into a first position in a second file of the second type different from the first file, and storing the signature information and the public key into a second position in the second file, wherein the first type and the second type relate to files of different directory types.
Preferably, in the above step S4, the extracting information further includes other parts of the extracting information, namely: renaming the file of the application program into a file with a suffix name in a compressed package form, decompressing to obtain a first configuration file, and converting the first configuration file into an operable text format by using first open source software; decompiling a binary source code file in the decompressed result by using second open-source software; restoring the binary source code file by using third open source software to obtain the source code of the file of the application program; scanning source codes of files based on application programs by using a matching algorithm, counting specified keywords, acquiring the number and corresponding positions of the specified keywords in class files, storing the quantity and corresponding positions by using a matrix, and calculating the similar distance between every two keywords based on a distance algorithm; classifying the keywords based on the similar distance, taking each keyword in the matrix as a root node, gathering the keywords with high similarity with each node, comparing the gathered keywords with the stored matrix of the position where the keywords are located, removing the keywords in different categories, and further classifying and storing the keywords; comparing the characteristics of the security application program stored in the characteristic database in the terminal with the characteristics stored in a classified manner, and removing the security characteristics contained in the characteristics of the application program so as to avoid increasing the information processing amount, increasing the information processing time and power consumption and wasting the limited processing resources of the terminal; the data categorized storing and de-characterizing is sent to the decision server for security authentication as the other part of the extracted 
information, along with other information.
Preferably, the step S5 further includes: the terminal receives the judgment server's big-data-based security authentication result and determines from it whether the application program is malicious; the terminal uninstalls the application program when the result is malicious, retains the application program in the terminal when the result is safe, and, when the result is undetermined, displays risk prompt information on the display screen so that the user knows the security attribute and can choose to uninstall or retain the application program; when the application program is retained, it is given authorities, including a storage authority, a photographing authority, a microphone use authority, a recording authority, a terminal sensor calling authority, a short message reading and sending authority, a telephone dialing authority, an authority to identify the number of the SIM card installed in the terminal, an authority to read the address book, an authority to read user motion data, an authority to start a mobile operator communication network connection, a wireless fidelity connection authority, an authority to read other application programs and an authority to read the communication records of instant messaging software, each of which is set to enabled or disabled; when it is determined to uninstall, information of the application program is sent to the judgment server to update the database for big data analysis, judgment and confirmation in the judgment server.
Preferably, in step S6, obtaining and analyzing the operating parameters of the application program when it is executed on the terminal includes: executing the application program and obtaining behavior parameters during its execution, the behavior parameters including system API, changes in file permissions, process and thread execution data, call data, network access request data and network data sent, and recording the behavior parameters in a log file; monitoring creation operations of portable execution files in the application program, determining their creation subject, and establishing a correspondence between the portable execution files and their creation subject in the terminal memory; running a simulation tool that simulates the end user's operations to obtain log file records and network data packet file records; after the simulation tool has run and is turned on and data communication permissions have ended with the passage of time, storing the log file records and network data packet file records in a first storage location; and analyzing the log file records and network data packet file records, wherein feature extraction is used to extract feature information of the log file records and network data packet file records, transform the feature information of the log file records and network data packet file records into a second storage location, and to use the second storage as a signature for the application to determine whether the security analysis of the security information, and to determine whether the security information of the security data packet records, and to be used as a second security classification signature, and to determine whether the security information, and to be used as a second signature for the security classification of the relevant signature of the application when the application, and the relevant signature of the relevant installation target application, and the relevant signature of the relevant terminal.
Preferably, in step S7, the further determining whether to keep the application program in the terminal or uninstall the application program based on the result of the analysis, and the sending information of the application program to the decision server to update the database for big data analysis, decision and confirmation further comprises: the terminal reserves the application program when the terminal is a safe application program and unloads the application program when the terminal is malicious based on the first part of the analysis result, and sends information of the application program comprising the first part of the analysis result and the second part of the analysis result to the judgment server to update the database for big data analysis, judgment and confirmation, wherein the second part of the analysis result further comprises a supplementary part of malicious identification information for marking the relevant information for creating the main body to be used for identifying the malicious identification information which can influence the terminal.
Preferably, in step S7, after the above steps are performed, the following operations are further performed: after the application program is unloaded, when the terminal starts network communication, the monitoring program is activated, so that the monitoring program intercepts data transmitted and received through a network in real time, the transmitted data sink and/or the received data source is subjected to feature matching with a previously determined malicious source, when the matching standard is met, the result is displayed to a user, the position of the data to be transmitted and the name and position of an entity calling the data are analyzed, fixed-point removal is carried out on the name and position of the entity calling the data, then the result of whether the removal is successful or not is displayed, and if the removal is unsuccessful, the removal operation is repeated and the removal process is displayed to the user until the preset requirement is met.
Further, while the position of the data to be sent is analyzed, the data to be sent is analyzed at the same time to determine whether it contains the user's account number, contacts, verification code and contact details; if so, the user is warned of the risk.
Preferably, in step S8, when the application requests to access the user private data on the terminal, the terminal confirms its access right according to the right configuration table, and the performing corresponding operations further includes: when the application requests access to the user privacy data on the terminal, the application sends an access request to a processor of the terminal, the processor sends an application identifier to the rights management module to determine the access rights of the application according to a rights configuration table in the rights management module, when the application program has access rights to one or more of the plurality of private data, the processor determines whether the access rights to the private data of the user on the terminal to which the application program requests access conform to the access rights determined by the rights configuration table, if the answer is yes, a corresponding interpretation engine is allocated to the application program, the processor issues a jump instruction, the application program is guided to the entrance of the interpretation engine after the jump instruction is executed, for interpreting, by the interpretation engine, user privacy data on the terminal requesting access and sending the interpreted user privacy data to the application.
Preferably, the user privacy data is data converted for securing user information, which is stored in the terminal without being explicitly stored and captured by malicious code or file or software attack, thereby causing irreparable loss to the user, wherein the user privacy data is first converted from the code form of the primitive function into bytecode which can only be interpreted by the interpretation engine of the terminal, cannot be effectively split and broken by third-party software, and does not appear to have obvious meaning, the bytecode is interpreted by the interpretation engine in the form of fragments, and the fragment length is defined by the interpretation engine, while separators in the form of bytecodes of limited data length which represent intervals, which are recognizable by the interpretation engine at the end of the previous fragment, between the respective fragments; setting a jump instruction for the byte code, storing the jump instruction in a register, and simultaneously erasing user privacy data represented by the code form of the original function; when an application program requests to access user privacy data on a terminal, if the processor determines whether the access authority of the user privacy data on the terminal which the application program requests to access meets the access authority determined by the authority configuration table, the processor calls and issues a jump instruction, and guides the application program to an inlet of an interpretation engine after executing the jump instruction, so that the interpretation engine interprets the user privacy data on the terminal which the application program requests to access, and sends the interpreted user privacy data to the application program.
Preferably, in step S9, when a new instant messaging message arrives at the terminal and the application requests access, the terminal enabling or disabling the application's access based on the access setting further includes: when a new instant messaging message is transmitted to the terminal, the terminal receives the new incoming message and the message analysis module of the terminal analyzes the confidential information contained in it. The message analysis module judges whether the incoming message contains any one or more of a user password, an account and a verification code in combination with a valid time; when it does, the new incoming message is stored in the private repository of the terminal; otherwise, it is stored in the conventional repository of the terminal.
When the message contains any one or more of these in combination with the valid time, and an installed application attempts to access the incoming message, the rights management module verifies whether the application has access rights to the message: (i) if not, the rights management module notifies the private repository of the terminal not to send the new incoming message to the application; and (ii) if so, the rights management module sends the application's read request for the message to the private repository and notifies the message analysis module of the terminal to determine whether the current time is within the stored valid read period for the new incoming message. When it is within the stored valid read period, the private repository sends the stored message to the application. Otherwise, when it is not within the valid read period of the message, that is, within the read-prohibition period of the message, the private repository refuses to send the stored message to the application until the read-prohibition period is lifted. At that point, even if the application succeeds in reading the private information, the accessible valid read period of the message has been exceeded with the passage of time, so that even if the application reads the private information it cannot attack the terminal, because the valid period has passed; theft and leakage of the terminal's private information by malicious applications are thereby greatly reduced.
When the new incoming message has been stored in the conventional repository of the terminal and an installed application attempts to access it, the rights management module verifies whether the application has access rights to the message: (i) if not, the rights management module notifies the conventional repository of the terminal not to send the new incoming message to the application; and (ii) if so, the rights management module sends the application's read request for the message to the conventional repository, and the conventional repository sends the stored message to the application.
Fig. 3 illustrates a terminal-based big data analysis system according to an exemplary embodiment of the present invention, including a terminal and a decision server, wherein the terminal includes a processor, a rights management module, an interpretation engine, a message analysis module, a private repository and a conventional repository, and the decision server is internally provided with a database for big data analysis, confirmation and decision.
Preferably, the terminal-based big data analysis system is configured to perform the following method and steps: the terminal searches for the required application and sends it to the decision server to confirm whether it is malicious; based on the result that the decision server obtains from the big data as to whether it is malicious, the terminal determines whether to retry downloading from other resources, or whether the application is downloaded at the user's choice or downloaded directly; the terminal downloads and installs the application, extracts information and sends the information to the decision server for security authentication; the terminal determines whether to retain the application in the terminal or uninstall it based on the security authentication of the decision server; and after the terminal determines to retain the application, rights management is performed to enable or disable the application when it subsequently runs and accesses sensitive or private data on the terminal.
Preferably, the terminal-based big data analysis system further performs the following steps:
Step S1, the terminal searches for the required application via a wireless network and obtains the name and/or IP information of the resource server containing the application.
Step S2, the terminal sends the name and/or IP information of the resource server to the decision server to confirm whether it is malicious.
Step S3, the terminal performs a corresponding operation according to the result of the decision server's confirmation, based on the big data, of whether it is malicious: if malicious, the terminal blocks the communication link with the resource server, continues to try the other resource servers acquired in step S1 and performs steps S2 and S3 in sequence until the decision server confirms non-malicious or the number of attempts reaches a user preset number; if not malicious, the application is downloaded at the user's choice or downloaded directly.
Step S4, after downloading, the terminal installs the application, extracts its information, signs the application, and sends the extracted information to the decision server for security authentication.
Step S5, the terminal determines whether to retain the application in the terminal or uninstall it according to the decision server's security authentication result based on the big data; when the application is retained, a unique authority is given to the application, and when the application is uninstalled, information of the application is sent to the decision server to update the database for big data analysis, decision and confirmation.
Step S6, when the application is executed on the terminal, its operation parameters are obtained and analyzed.
Step S7, whether to retain the application in the terminal or uninstall it is further determined based on the result of the analysis, and the information of the application is sent to the decision server to update the database for big data analysis, decision and confirmation.
Step S8, when the application requests access to user privacy data on the terminal, the terminal confirms the access rights according to the rights configuration table and performs the corresponding operation.
Step S9, when a new instant messaging message arrives at the terminal and the application requests access, the terminal enables or disables the application's access based on the access setting.
With the terminal-based big data analysis system, big data and information security technology can be used to perform security detection on the application in the installation stage, intercept applications harmful to the terminal, and confirm and block their source. To address legal or illegal access by applications to the user's private information in the terminal, the private information is read under reasonable management, with reading guaranteed not to exceed the preset authority, or unreasonable access by the application to the private information is prevented through settings, so that the security of the system is achieved on the basis of big data and rights management.
Preferably, the terminal-based big data analysis system further performs the following steps: searching through a search engine by entering the name of the desired application directly in a browser installed on the terminal;
or, in the current non-browser application, the user long-presses the screen with a finger, an option for selecting text appears on the screen, the user selects and highlights all or part of the name of the application and clicks the search button that appears on the screen after selection, whereupon one or more browser icons appear for selection, and the search is performed after the corresponding browser icon is selected;
or, in the current non-browser application, an input box appears on the screen when a search icon in the non-browser application is selected, and after the desired application name is entered, the non-browser application either directly calls a default third-party browser to search, or presents one or more browser icons for selection and the search is performed after the corresponding browser icon is selected;
or, in an instant messaging application with an embedded browser, the embedded browser is invoked to search either when the user long-presses the screen with a finger, an option for selecting text appears on the screen, and the user selects and highlights all or part of the name of the application and clicks the search button that appears on the screen after selection, or when an input box appears on the screen after a search icon in the non-browser application is selected and the desired application name is entered.
After the desired application has been searched for via the wireless network, a name and/or an IP address identifying the resource server containing the application is acquired from the result.
Preferably, the terminal-based big data analysis system further performs the following steps: the terminal selects either or both of the name and the IP information of the resource server, packs the selection into a packet to be transmitted in a fixed packet transmission format, sets the header of the packet as a request attribute, terminates the packet with a fixed terminator after the selected resource server information so that the decision server can identify it, and then sends the packet to the decision server over a wireless link for confirmation of whether it is malicious.
Preferably, the terminal-based big data analysis system further performs the following step S3: the decision server is internally provided with a database for big data analysis, confirmation and decision; the database stores security attribute information of terminal applications, namely malicious, safe and undetermined; the security attribute information is updated over time, by any of user upload, information center notification and similar means. The decision server receives the packet transmitted by the terminal, extracts either or both of the name and the IP information of the resource server from the packet according to a preset packet splitting rule, and inputs them into the internally provided database for information matching; when a matching entry marked safe or malicious is found, or when no match is found, it packs the resulting definite or undetermined security attribute information into a packet and transmits it to the terminal over the wireless link. The terminal receives and splits the packet and extracts the security attribute information in it. If it is malicious, the terminal blocks the communication link with the resource server, continues to try the other resource servers acquired in step S1 and performs steps S2 and S3 in sequence until the decision server confirms non-malicious or the number of attempts reaches the user preset number. If it is not malicious, the application is downloaded at the user's choice or downloaded directly: if it is safe, the application is downloaded directly; if it is undetermined, the user selects whether to download the application; if the user selects to download, the subsequent steps are performed; if the application is not downloaded, it is determined whether to exit the method executed by the terminal-based big data analysis system directly or to continue to try the other resource servers acquired in step S1, performing steps S2 and S3 in sequence until the decision server confirms a security attribute that meets the user's requirement or the number of attempts reaches the user preset number.
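The S2/S3 exchange described above, sketched as an added example that is not code from the patent. The byte layout (`REQ|`, `RSP|`, `|END`, `k=v;k=v`), the database contents, the candidate servers and the rules "a malicious match on either name or IP wins" and "a declined undetermined server means try the next one" are all assumptions made for the illustration.

```python
# Added example (not from the patent): S2/S3 packet exchange and retry loop.
# The page fixes only "header = request attribute" and "fixed terminator";
# the concrete bytes below are hypothetical.
REQ_HEADER = b"REQ|"   # hypothetical request-attribute header
RSP_HEADER = b"RSP|"   # hypothetical response header
TERMINATOR = b"|END"   # hypothetical fixed terminator
MALICIOUS, SAFE, UNDETERMINED = "malicious", "safe", "undetermined"

# Constructed decision-server database: name or IP -> security attribute.
VERDICT_DB = {
    "mirror-a.example": MALICIOUS,
    "203.0.113.7": MALICIOUS,
    "store-b.example": SAFE,
}

# Constructed S1 search results (resource servers offering the application).
CANDIDATES = [
    {"name": "mirror-a.example", "ip": "198.51.100.4"},   # malicious by name
    {"name": "cdn-c.example", "ip": "203.0.113.7"},       # malicious by IP
    {"name": "new-d.example", "ip": "198.51.100.9"},      # no match
    {"name": "store-b.example", "ip": "198.51.100.20"},   # safe
]


def pack(header, fields):
    """Build header + k=v;k=v + terminator, refusing delimiter characters."""
    for value in fields.values():
        if any(ch in value for ch in ";=|"):
            raise ValueError("delimiter character in field value")
    body = ";".join(f"{k}={v}" for k, v in fields.items() if v)
    return header + body.encode() + TERMINATOR


def unpack(header, packet):
    """Split a packet by the preset rule; reject truncated or foreign ones."""
    if (len(packet) < len(header) + len(TERMINATOR)
            or not packet.startswith(header)
            or not packet.endswith(TERMINATOR)):
        raise ValueError("malformed packet")
    body = packet[len(header):-len(TERMINATOR)].decode()
    return dict(item.split("=", 1) for item in body.split(";") if item)


def decision_server(packet):
    """Server side: match name and/or IP, reply with one security attribute."""
    req = unpack(REQ_HEADER, packet)
    hits = [VERDICT_DB[v] for v in (req.get("name"), req.get("ip"))
            if v in VERDICT_DB]
    if MALICIOUS in hits:      # assumption: one malicious match is enough
        attr = MALICIOUS
    elif SAFE in hits:
        attr = SAFE
    else:                      # no match in the database
        attr = UNDETERMINED
    return pack(RSP_HEADER, {"attr": attr})


def choose_server(candidates, max_attempts, user_accepts_undetermined):
    """Terminal side: run S2 and S3 over the S1 candidates.

    Returns (chosen candidate or None, blocked server names, attempts made).
    """
    blocked, attempts = [], 0
    for cand in candidates:
        if attempts >= max_attempts:       # user preset number reached
            break
        attempts += 1
        reply = decision_server(pack(REQ_HEADER, cand))
        attr = unpack(RSP_HEADER, reply)["attr"]
        if attr == MALICIOUS:
            blocked.append(cand["name"])   # block the link, try the next one
        elif attr == SAFE:
            return cand, blocked, attempts   # download directly
        elif user_accepts_undetermined(cand):
            return cand, blocked, attempts   # user chose to download
        # assumption: a declined undetermined server means "keep trying"
    return None, blocked, attempts


if __name__ == "__main__":
    print(choose_server(CANDIDATES, 5, lambda c: False))
```

Rejecting delimiter characters in `pack` and checking both header and terminator in `unpack` keeps a crafted server name from being parsed as an extra field or as an early end of packet.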
Preferably, the terminal-based big data analysis system further performs the following step S4: in the step in which, after downloading, the terminal installs the application, extracts its information, signs the application, and sends the extracted information to the decision server for security authentication, during installation of the application the terminal changes the file suffix of the application in order to decompress it, obtaining a first file contained in it that is formed by compilation and tool packaging; obtains a conversion tool to copy the class file including the class name to a first directory location; and generates the grouped data in the application through a class conversion command at the first directory location. The called functions are obtained by traversing a database function of the grouped data, and the behavior attribute of a called function is determined from its behavior information, wherein the behavior information includes access behavior information, process creation behavior information, registry operation behavior information, behavior information for applying to call the identifiers and permissions of other applications, installation behavior information, compression and packaging behavior information and mobile data transmission behavior information, and the behavior attribute indicates whether or not it is malicious. A behavior execution path of the called function is determined according to the behavior attribute, the execution path is recorded as part of the extracted information and uploaded to the decision server in the subsequent steps, and part or all of the execution path and path big data is analyzed in the decision server based on bytecode, so as to perform security authentication.
During signature processing of the application by the terminal, all files in the application are obtained from the decompressed application; digest information of the files of a first type is calculated using a secure hash algorithm and encoded, and the encoded value is stored in a first file of a second type different from the first type; a set of signature information is generated using the digest information and private key information previously stored in the first file of the second type; the signature information and a public key are stored at a first position in a second file of the second type, different from the first file, and the signature information and the public key are stored at a second position in the second file, wherein the first type and the second type relate to files of different directory types.
Preferably, the terminal-based big data analysis system further performs the following step S4, in which extracting the information further includes extracting the other part of the information, namely: renaming the file of the application to a file with a compressed-package suffix and decompressing it to obtain a first configuration file, and converting the first configuration file into an operable text format using first open-source software; decompiling a binary source code file in the decompressed result using second open-source software; restoring the binary source code file using third open-source software to obtain the source code of the application's file; scanning the source code of the application's file using a matching algorithm, counting specified keywords, acquiring the number of the specified keywords in the class files and their corresponding positions, storing these in a matrix, and calculating the similarity distance between every two keywords using a distance algorithm; classifying the keywords based on the similarity distance, taking each keyword in the matrix as a root node, gathering the keywords with high similarity to each node, comparing the gathered keywords with the stored matrix of keyword positions, removing keywords that belong to different categories, and then storing the keywords by category; comparing the features of safe applications stored in the feature database in the terminal with the features stored by category, and removing the safe features contained in the features of the application, so as to avoid increasing the amount of information to be processed, increasing the processing time and power consumption, and wasting the limited processing resources of the terminal. The data obtained after classified storage and feature removal is sent to the decision server for security authentication as the other part of the extracted information, together with the other information.
Preferably, the terminal-based big data analysis system further performs the following step S5: the terminal receives the decision server's security authentication result based on the big data and determines from the result whether it is malicious; the terminal uninstalls the application when it is malicious, retains the application in the terminal when it is safe, and, when it is undetermined, displays risk prompt information to the user on the display screen so that the user knows the security attribute and selects whether to uninstall or retain. When the application is retained, it is given authority, wherein the authority includes a storage authority, a photographing authority, a microphone use authority, a recording authority, a terminal sensor calling authority, a short message reading and sending authority, a telephone dialing authority, an authority to identify the number of the SIM card installed in the terminal, an authority to read the address book, an authority to read user motion data, an authority to start a mobile operator communication network connection, a wireless fidelity connection authority, an authority to read other applications and an authority to read the communication records of instant messaging software, and each authority is set to enabled or disabled. When it is determined to uninstall, information of the application is sent to the decision server to update the database for big data analysis, decision and confirmation in the decision server.
Preferably, the terminal-based big data analysis system further performs step S6 of acquiring and analyzing the operation parameters of the application when the application is executed on the terminal, wherein step S6 includes: executing the application and acquiring behavior parameters during its operation, the behavior parameters including system API, changes in file authority, process and thread operation data, call data, network access request data and transmitted network data; recording the behavior parameters in a log file; monitoring the creation of portable executable files in the application, determining their creating subject, and establishing a correspondence between each portable executable file and its creating subject in the terminal memory; running a simulation tool that simulates the operation of the terminal user to obtain log file records and network data packet file records; after the simulation tool has finished running and a data communication has completed with the passage of time, storing the log file records and network data packet file records in a first storage location; and analyzing the log file records and network data packet file records, wherein features are extracted from the log file records and network data packet file records.
Preferably, the terminal-based big data analysis system further performs the following step S7, in which further determining whether to retain the application in the terminal or uninstall it based on the result of the analysis, and sending the information of the application to the decision server to update the database for big data analysis, decision and confirmation, further includes: based on the first part of the analysis result, the terminal retains the application when it is a safe application and uninstalls it when it is malicious, and sends information of the application, comprising the first part and the second part of the analysis result, to the decision server to update the database for big data analysis, decision and confirmation, wherein the second part of the analysis result further includes supplementary malicious identification information that marks the relevant information of the creating subject, for use in identifying malicious identification information that can affect the terminal.
Preferably, the terminal-based big data analysis system further performs the following step S7 and, after performing the above steps, further performs the following operations: after the application is uninstalled, when the terminal starts network communication, a monitoring program is activated so that it intercepts data sent and received over the network in real time; the destination of sent data and/or the source of received data is feature-matched against previously determined malicious sources; when the matching criterion is met, the result is displayed to the user, the location of the data to be sent and the name and location of the entity calling the data are analyzed, and fixed-point removal is performed on the name and location of the entity calling the data; the result of whether the removal succeeded is then displayed, and if the removal was unsuccessful, the removal operation is repeated and the removal process is displayed to the user until the preset requirement is met.
Further, while the location of the data to be sent is analyzed, the data to be sent is itself analyzed to determine whether it contains the user's account number, contacts, verification code or contact details, and if so, the risk is indicated to the user.
Preferably, the terminal-based big data analysis system further performs the following step S8, in which, when the application requests access to user privacy data on the terminal, the terminal confirming the application's access rights according to the rights configuration table and performing the corresponding operation further includes: when the application requests access to user privacy data on the terminal, the application sends an access request to the processor of the terminal; the processor sends the application identifier to the rights management module to determine the access rights of the application according to the rights configuration table in the rights management module; when the application has access rights to one or more of the plurality of privacy data, the processor determines whether the access that the application requests to the user privacy data on the terminal conforms to the access rights determined by the rights configuration table; if so, a corresponding interpretation engine is allocated to the application and the processor issues a jump instruction; after the jump instruction is executed, the application is directed to the entry of the interpretation engine, so that the interpretation engine interprets the requested user privacy data on the terminal and sends the interpreted user privacy data to the application.
Preferably, the user privacy data is data that has been converted to keep user information secure, so that it is not stored explicitly in the terminal, where it could be captured by malicious code, files or software attacks and cause irreparable loss to the user. The user privacy data is first converted from the code form of the original function into bytecode that can only be interpreted by the interpretation engine of the terminal, cannot be effectively split and cracked by third-party software, and has no apparent meaning. The bytecode is interpreted by the interpretation engine in fragments whose length is defined by the interpretation engine, and the fragments are separated by separators in the form of bytecode of limited data length, which mark the interval and which the interpretation engine can recognize at the end of the preceding fragment. A jump instruction is set for the bytecode and stored in a register, and at the same time the user privacy data represented in the code form of the original function is erased. When an application requests access to user privacy data on the terminal, if the processor determines that the access that the application requests to the user privacy data on the terminal conforms to the access rights determined by the rights configuration table, the processor calls and issues the jump instruction and, after the jump instruction is executed, directs the application to the entry of the interpretation engine, so that the interpretation engine interprets the requested user privacy data on the terminal and sends the interpreted user privacy data to the application.
Preferably, the terminal-based big data analysis system further performs the following step S9, in which, when a new instant messaging message arrives at the terminal and the application requests access, the terminal enabling or disabling the application's access based on the access setting further includes: when a new instant messaging message is transmitted to the terminal, the terminal receives the new incoming message and the message analysis module of the terminal analyzes the confidential information contained in it. The message analysis module judges whether the incoming message contains any one or more of a user password, an account and a verification code in combination with a valid time; when it does, the new incoming message is stored in the private repository of the terminal; otherwise, it is stored in the conventional repository of the terminal.
When the message contains any one or more of these in combination with the valid time, and an installed application attempts to access the incoming message, the rights management module verifies whether the application has access rights to the message: (i) if not, the rights management module notifies the private repository of the terminal not to send the new incoming message to the application; and (ii) if so, the rights management module sends the application's read request for the message to the private repository and notifies the message analysis module of the terminal to determine whether the current time is within the stored valid read period for the new incoming message. When it is within the stored valid read period, the private repository sends the stored message to the application. Otherwise, when it is not within the valid read period of the message, that is, within the read-prohibition period of the message, the private repository refuses to send the stored message to the application until the read-prohibition period is lifted. At that point, even if the application succeeds in reading the private information, the accessible valid read period of the message has been exceeded with the passage of time, so that even if the application reads the private information it cannot attack the terminal, because the valid period has passed; theft and leakage of the terminal's private information by malicious applications are thereby greatly reduced.
When the new incoming message has been stored in the conventional repository of the terminal and an installed application attempts to access it, the rights management module verifies whether the application has access rights to the message: (i) if not, the rights management module notifies the conventional repository of the terminal not to send the new incoming message to the application; and (ii) if so, the rights management module sends the application's read request for the message to the conventional repository, and the conventional repository sends the stored message to the application.
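The step S9 routing and read gate, described in both the method and the system passages above, sketched as an added example that is not code from the patent. The detection patterns, the class and field names, the application identifiers and the sample messages are hypothetical, and because the page does not say how the stored valid read period is derived, the sketch assumes it equals the validity time found in the message.

```python
# Added example (not from the patent): S9 message routing and gated reads.
import re
from dataclasses import dataclass, field

# Hypothetical detectors; the page names the categories, not the matching.
SECRET_RE = re.compile(r"\b(password|account|verification code)\b", re.I)
VALID_RE = re.compile(r"valid for (\d+) (second|minute)s?\b", re.I)
UNIT_SECONDS = {"second": 1, "minute": 60}


@dataclass
class Message:
    msg_id: int
    text: str
    received_at: int      # seconds on the terminal clock
    read_from: int = 0    # start of the stored valid read period
    read_until: int = 0   # end of the stored valid read period


@dataclass
class Terminal:
    rights: dict          # rights table: app id -> may read incoming messages
    private_store: dict = field(default_factory=dict)
    regular_store: dict = field(default_factory=dict)

    def receive(self, msg):
        """Message analysis module: secret AND valid time -> private store."""
        valid = VALID_RE.search(msg.text)
        if SECRET_RE.search(msg.text) and valid:
            seconds = int(valid.group(1)) * UNIT_SECONDS[valid.group(2).lower()]
            # Assumption: valid read period = validity time in the message.
            msg.read_from = msg.received_at
            msg.read_until = msg.received_at + seconds
            self.private_store[msg.msg_id] = msg
            return "private"
        self.regular_store[msg.msg_id] = msg
        return "regular"

    def read(self, app_id, msg_id, now):
        """Rights check first, then the store decides whether to send."""
        if not self.rights.get(app_id, False):
            return ("refused:no-access-right", None)       # case (i)
        if msg_id in self.regular_store:
            return ("sent", self.regular_store[msg_id].text)
        msg = self.private_store.get(msg_id)
        if msg is None:
            return ("refused:unknown-message", None)
        if msg.read_from <= now <= msg.read_until:
            return ("sent", msg.text)                      # case (ii), in period
        return ("refused:outside-read-period", None)       # read prohibited


if __name__ == "__main__":
    # Constructed sample traffic.
    t = Terminal(rights={"bank_app": True, "flashlight": False})
    t.receive(Message(1, "Your verification code is 493027, "
                         "valid for 5 minutes.", 1000))
    t.receive(Message(2, "Lunch at noon?", 1000))
    for app, mid, now in [("bank_app", 1, 1100), ("bank_app", 1, 1400),
                          ("flashlight", 1, 1100), ("bank_app", 2, 1400)]:
        print(app, mid, now, t.read(app, mid, now)[0])
```

Applications missing from the rights table are refused by default, and a message that mentions a password without a valid time goes to the conventional repository, as the routing rule requires both.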
The above-mentioned technical terms are conventional technical terms having ordinary meanings in the art, and are not further explained herein in order not to obscure the point of the present invention.
In summary, the technical solution of the present invention, a terminal-based big data analysis method and system, uses big data and information security technology to perform security detection on an application program at the installation stage, to intercept application programs that are harmful to the terminal, and to confirm and block their source. The private information of the terminal is encrypted; for legal access, reads of the private information are reasonably managed and kept within the preset authority, and for illegal access, unreasonable access by an application program to the private information is prevented through time settings or authority-blocking settings. With the method and the system, system security is achieved on the basis of big data and authority management, and the security of downloading, running and data access of application programs on the terminal is finally ensured.
It will be understood that the examples and embodiments of the invention may be implemented in hardware, software, or a combination of hardware and software. As mentioned above, any program performing this method may be stored in the form of volatile or non-volatile storage, for example a storage device such as a ROM, whether erasable or rewritable or not; in the form of memory, for example a RAM, a memory chip, a device or an integrated circuit; or on an optically or magnetically readable medium, for example a CD, a DVD, a magnetic disk or a magnetic tape. It will also be understood that storage devices and storage media are examples of machine-readable storage suitable for storing one or more programs that, when executed, implement examples of the present invention. Examples of the present invention may be conveyed electronically via any medium, such as a communications signal carried by a wired or wireless coupling, and the examples encompass the same where appropriate.
It should be noted that the invention solves the following technical problems: security detection is performed on an application program at the installation stage by using big data and information security technology, application programs harmful to the terminal are intercepted, and their source is confirmed and blocked. The private information of the terminal is encrypted; for legal access, reads of the private information are reasonably managed and kept within the preset authority, and for illegal access, unreasonable access by an application program to the private information is prevented through time settings or authority-blocking settings. With the method and the system, system security is achieved on the basis of big data and authority management, and the technical problem of ensuring the security of downloading, running and data access of application programs on the terminal is finally solved. Furthermore, the solution claimed in the appended claims has utility since it can be manufactured or used in industry.
The above description is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Unless expressly stated otherwise, each feature disclosed is one example only of a generic series of equivalent or similar features. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A big data analysis method based on a terminal comprises the following steps:
step S1, the terminal searches the needed application program via wireless network and obtains the name and/or IP information of the resource server containing the application program;
step S2, the terminal sends the name and/or IP information of the resource server to the judgment server to confirm whether the server is malicious or not;
step S3, the terminal performs a corresponding operation according to the judgment server's confirmation, based on the big data, of whether the resource server is malicious or not: if malicious, blocking the communication link with the resource server, continuing to try the other resource servers acquired in step S1, and sequentially performing steps S2 and S3 until the judgment server confirms non-malicious or the number of attempts reaches a number preset by the user; if not malicious, the user selects whether to download the application program, or the application program is downloaded directly;
step S4, after downloading, the terminal installs the application program and extracts its information, signs the application program, and sends the extracted information to the judgment server for security authentication;
step S5, the terminal determines whether to keep the application program in the terminal or uninstall the application program according to the security authentication result of the judgment server based on the big data; when the application program is reserved, giving a unique authority to the application program, and when the application program is uninstalled, sending information of the application program to a judgment server to update a database for big data analysis, judgment and confirmation;
step S6, when the application program is executed on the terminal, the operation parameter is obtained and analyzed;
step S7, further determining whether to keep the application program in the terminal or uninstall the application program based on the result of the analysis, and sending the information of the application program to the decision server to update the database for big data analysis, decision and confirmation;
wherein the step S4 further includes: in the step that the terminal installs the application program and extracts the information of the application program after downloading, signs the application program, and sends the extracted information to the judgment server for security authentication, wherein in the process of installing the application program, the terminal changes the file suffix name of the application program to decompress the file suffix name so as to obtain a first file which is included in the file and is formed by compiling and tool packaging, obtains a transformation tool to copy the class file including the class name to a first directory position, and generates packet data in the application program through a class conversion command at the first directory position; acquiring a called function by traversing a database function of the grouped data, and determining the behavior attribute of the called function by the behavior information of the called function, wherein the behavior information comprises access behavior information, creation process behavior information, operation registry behavior information, behavior information for applying for calling identifiers and authorities of other application programs, installation behavior information, compression packaging behavior information and mobile data transmission behavior information, and the behavior attribute comprises maliciousness or not; determining a behavior execution path of the called function according to the behavior attribute, recording the execution path as a part of the extracted information, uploading the execution path to a judgment server in the subsequent steps, and analyzing part or all of the execution path and path big data based on byte codes in the judgment server to further perform security authentication; during the process of signature processing of the application program by the terminal, acquiring all files in the application program based on the decompressed 
application program; calculating summary information of a file of a first type by using a secure hash algorithm, encoding the summary information, storing an encoded value into a first file of a second type different from the first type, generating a set of signature information by using the summary information and private key information previously stored in the first file of the second type, storing the signature information and a public key into a first position in a second file of the second type different from the first file, and storing the signature information and the public key into a second position in the second file, wherein the first type and the second type relate to files of different directory types;
step S5 further includes: the terminal receives a security authentication result of the judgment server based on the big data, further determines whether the server is malicious or not based on the result, uninstalls the application program when the server is malicious, retains the application program in the terminal when the server is safe, and, when the result is pending, displays risk prompt information to the user on a display screen so that the user knows the security attributes and selects uninstalling or retaining; when the application program is retained, the application program is endowed with the authority, wherein the authority comprises a storage authority, a photographing authority, a microphone use authority, a recording authority, a terminal sensor calling authority, a short message reading and sending authority, a telephone dialing authority, an authority for identifying a SIM card number installed in a terminal, an authority for reading an address book, an authority for reading user motion data, an authority for starting a mobile operator communication network connection, a wireless fidelity connection authority, an authority for reading other application programs and an authority for reading communication records of instant messaging software, and each authority is set to enabled or disabled; when uninstallation is determined, the information of the application program is sent to the judgment server to update the database used for big data analysis, judgment and confirmation in the judgment server;
in step S6, when the application program is executed on the terminal, the operation parameters are obtained and analyzed, wherein the method comprises executing the application program, obtaining behavior parameters in the operation process of the application program, monitoring creation operation of portable execution files in the application program, determining creation subject of the portable execution files, establishing corresponding relation between the portable execution files and the creation subject in a terminal memory, using a simulation tool to operate and simulate operation of a terminal user by itself to obtain log file records and network data packet file records, after the simulation tool is finished and network links are opened and connected and data communication is finished, storing the log file records and the network data packet file records in a first storage location, analyzing the log file records and the network data packet file records, wherein feature extraction is used for quantifying features of the log file records and the network data packet file records, converting authority strings, L and UR strings into a second storage location data record, and performing analysis on the security information of the application program, and determining whether the security analysis of the application program records and the network data packet file records are used as a second storage, and when the application program installation results are selected and used as a second security analysis result, and the relevant signature of the relevant signature is used as a second storage database, and the relevant signature for verifying that the relevant signature of the relevant application program is selected and the relevant signature of the relevant application program, and the relevant signature is used as a second storage database, and the relevant signature of the relevant signature to be used as a second storage database, and the relevant signature 
for verifying that the relevant signature of the relevant security analysis of the relevant signature of the relevant security analysis when the relevant signature of the relevant security analysis of the relevant terminal and the relevant terminal when the relevant application program, and the relevant signature of the relevant signature and the relevant signature of the relevant terminal, and the relevant signature of the relevant application program, and the relevant signature.
2. The terminal-based big data analysis method of claim 1, wherein in the step S4, extracting the information further comprises extracting other parts of the information, specifically renaming and decompressing the file of the application program as a file with a suffix name in a compressed package form to obtain the first configuration file, and converting the first configuration file into an operable text format using the first open source software; decompiling a binary source code file in the decompressed result by using second open-source software; restoring the binary source code file by using third open source software to obtain the source code of the file of the application program; scanning source codes of files based on application programs by using a matching algorithm, counting specified keywords, acquiring the number and corresponding positions of the specified keywords in class files, storing the quantity and corresponding positions by using a matrix, and calculating the similar distance between every two keywords based on a distance algorithm; classifying the keywords based on the similar distance, taking each keyword in the matrix as a root node, gathering the keywords with high similarity with each node, comparing the gathered keywords with the stored matrix of the position where the keywords are located, removing the keywords in different categories, and further classifying and storing the keywords; comparing the characteristics of the security application program stored in the characteristic database in the terminal with the characteristics stored in a classified manner, and removing the security characteristics contained in the characteristics of the application program so as to avoid increasing the information processing amount, increasing the information processing time and power consumption and wasting the limited processing resources of the terminal; the data categorized storing and de-characterizing is sent to the decision server for 
security authentication as the other part of the extracted information, along with other information.
3. The terminal-based big data analysis method of claim 2, wherein the method further comprises:
step S8, when the application program requests to access the user privacy data on the terminal, the terminal confirms the access authority according to the authority configuration table and executes the corresponding operation.
4. The terminal-based big data analysis method of claim 3, wherein the method further comprises:
step S9, when a new instant messaging message is incoming to the terminal and the application requests access, the terminal enables or disables the application's access based on the access setting.
5. The terminal-based big data analysis method of claim 4, wherein the step S1 further comprises: searching through a search engine by inputting a name of a desired application directly via a browser installed at a terminal; or in the current non-browser application, the user presses the screen for a long time by fingers, an option for selecting characters appears on the screen, the user selects and highlights all or part of the names of the application programs, clicks a search button appearing on the screen after selection, and clicks the search button to appear one or more selection icons of the browser for selection, and the search is performed after the corresponding browser icon is selected.
6. The terminal-based big data analysis method of claim 4, wherein the step S1 further comprises: in an instant messenger application embedded with a browser, an embedded browser is called to perform a search by a long press of a screen with a finger of a user and a selection of a character appears on the screen, by selecting and highlighting all or part of a name of an application and clicking a search button appearing on the screen after selection, or by a search icon in a non-browser application to appear an input box on the screen and by inputting a desired application name to call the embedded browser to perform a search.
7. The terminal-based big data analysis method according to any one of claims 5-6, wherein: after searching for a desired application via a wireless network, a name and/or an IP address for identifying a resource server containing the application is acquired according to the result.
8. The terminal-based big data analysis method of claim 1, wherein the step S2 further comprises: the terminal selects any one or two of the name and/or IP information of the resource server, packages the selected resource server in a packet to be transmitted in a fixed packet transmission format, sets the header of the packet as a request attribute, terminates the packet after the selected resource server is identified by a fixed terminator so as to facilitate the identification of the judgment server, and then sends the packet to the judgment server through a wireless link for confirmation of maliciousness or not.
9. The terminal-based big data analysis method of claim 1, wherein the step S3 further comprises: the method comprises the steps that a database used for big data analysis, confirmation and judgment is arranged inside a judgment server, safety attribute information of an application program of a terminal is stored in the database and comprises malicious, safe and pending states, the safety attribute information is updated based on time, and the updating mode is carried out through any one of a user uploading mode and an information center notification mode; the method comprises the steps that a judgment server receives a packet transmitted by a terminal, extracts any one or both of the name and/or IP information of a resource server in the packet based on a preset packet splitting rule, inputs the name and/or the IP information into an internally arranged database for information matching, packages the results of the safety, malicious or undetermined safety attribute information when a matching item conforming to safety or malicious and no matching are confirmed to be detected, and transmits the results to the terminal through a wireless link; the terminal receives the packet and splits the packet, extracts the security attribute information in the packet, if the packet is malicious, blocks the communication link with the resource server, and continues to try the other resource servers obtained in the step S1 and sequentially executes the steps S2 and S3 until the judgment server confirms that the packet is not malicious or the number of attempts reaches the preset number of users; if the application program is safe, the application program is directly downloaded by the user, if the application program is pending, the user selects whether to download the application program, if the application program is downloaded, the subsequent steps are carried out, if the application program is not downloaded, whether to directly exit the method or to continuously try other 
resource servers obtained in the step S1, and the steps S2 and S3 are sequentially executed until the server is determined to confirm that the safety attribute meeting the user requirement is met or the number of the try times reaches the preset number of times of the user.
10. A big data analysis system based on a terminal comprises the terminal and a judgment server, wherein the terminal comprises: the system comprises a processor, a right management module, an interpretation engine, a message analysis module, a private repository and a conventional repository; a database for big data analysis, confirmation and judgment is arranged in the judgment server; the terminal-based big data analysis system is used for executing the terminal-based big data analysis method of claim 9.
CN201910336086.8A 2019-04-24 2019-04-24 Big data analysis method and system based on terminal Active CN110071924B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910336086.8A CN110071924B (en) 2019-04-24 2019-04-24 Big data analysis method and system based on terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910336086.8A CN110071924B (en) 2019-04-24 2019-04-24 Big data analysis method and system based on terminal

Publications (2)

Publication Number Publication Date
CN110071924A CN110071924A (en) 2019-07-30
CN110071924B true CN110071924B (en) 2020-07-31

Family

ID=67368716

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910336086.8A Active CN110071924B (en) 2019-04-24 2019-04-24 Big data analysis method and system based on terminal

Country Status (1)

Country Link
CN (1) CN110071924B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110801630B (en) * 2019-11-04 2023-07-25 网易(杭州)网络有限公司 Method, device, equipment and storage medium for determining cheating program
CN111092993B (en) * 2020-03-20 2020-06-30 北京热云科技有限公司 Method and system for detecting hijacking behavior of apk file
CN112613035A (en) * 2020-12-18 2021-04-06 深圳市安络科技有限公司 Ios system-based app security detection method, device and equipment
CN114866532B (en) * 2022-04-25 2023-11-10 安天科技集团股份有限公司 Method, device, equipment and medium for uploading security check result information of endpoint file

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103368987B (en) * 2012-03-27 2017-02-08 百度在线网络技术(北京)有限公司 Cloud server, application program verification, certification and management system and application program verification, certification and management method
CN103019938B (en) * 2012-12-26 2016-12-28 北京搜狐新媒体信息技术有限公司 A kind of method and device in the application of local test cloud platform
CN103927476B (en) * 2014-05-07 2017-09-15 上海联彤网络通讯技术有限公司 Realize the intelligence system and method for application program rights management
CN104318153B (en) * 2014-09-30 2017-06-23 北京金和软件股份有限公司 It is a kind of to monitor the system that mobile device downloads Mobile solution on-line
CN104715196B (en) * 2015-03-27 2017-05-31 北京奇虎科技有限公司 The Static Analysis Method and system of smart mobile phone application program
CN104850779A (en) * 2015-06-04 2015-08-19 北京奇虎科技有限公司 Safe application program installing method and safe application program installing device
CN105095696B (en) * 2015-06-25 2018-10-16 三星电子(中国)研发中心 Method, system and the equipment of safety certification are carried out to application program
CN105975849A (en) * 2016-05-04 2016-09-28 深圳市永兴元科技有限公司 Security installation method and system of application software
CN106548074A (en) * 2016-12-09 2017-03-29 江苏通付盾科技有限公司 Application program analyzing monitoring method and system
CN107908953A (en) * 2017-11-21 2018-04-13 广东欧珀移动通信有限公司 Notifications service control method, device, terminal device and storage medium
CN107871080A (en) * 2017-12-04 2018-04-03 杭州安恒信息技术有限公司 The hybrid Android malicious code detecting methods of big data and device

Also Published As

Publication number Publication date
CN110071924A (en) 2019-07-30

Similar Documents

Publication Publication Date Title
CN110071924B (en) Big data analysis method and system based on terminal
CN110084064B (en) Big data analysis processing method and system based on terminal
CN103679031B (en) A kind of immune method and apparatus of file virus
US8635691B2 (en) Sensitive data scanner
CN110046494B (en) Big data processing method and system based on terminal
KR101143999B1 (en) Apparatus and method for analyzing application based on application programming interface
CN107247902B (en) Malicious software classification system and method
KR20150044490A (en) A detecting device for android malignant application and a detecting method therefor
CN106529294B (en) A method of determine for mobile phone viruses and filters
CN108763951B (en) Data protection method and device
CN112084497A (en) Method and device for detecting malicious program of embedded Linux system
KR102180098B1 (en) A malware detecting system performing monitoring of malware and controlling a device of user
CN109460653B (en) Rule engine based verification method, verification device, storage medium and apparatus
JP5478390B2 (en) Log extraction system and program
CN103488947A (en) Method and device for identifying instant messaging client-side account number stealing Trojan horse program
CN109800569A (en) Program identification method and device
CN111563015A (en) Data monitoring method and device, computer readable medium and terminal equipment
CN113326045B (en) Interface code generation method based on design file
CN109145589B (en) Application program acquisition method and device
CN103067246A (en) Method and apparatus used for processing file received based on instant communication service
CN104484598A (en) Method and device for protecting safety of intelligent terminal
Feichtner et al. Obfuscation-resilient code recognition in Android apps
JP5478384B2 (en) Application determination system and program
KR101605783B1 (en) Malicious application detecting method and computer program executing the method
US9584537B2 (en) System and method for detecting mobile cyber incident

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200709

Address after: No.368, Menghu commercial and residential building, No.318, Youyi Avenue, Wuchang District, Wuhan City, Hubei Province

Applicant after: Wuhan Wufang Information Service Co., Ltd

Address before: 510000 A30 house 68 (1), Nanxiang Road, Whampoa District, Guangzhou, Guangdong.

Applicant before: GUANGZHOU ZHIHONG TECHNOLOGY Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant