CN110096874A - Program page security alarm method, apparatus, computer equipment and storage medium - Google Patents
Program page security alarm method, apparatus, computer equipment and storage medium Download PDFInfo
- Publication number
- CN110096874A CN110096874A CN201910198863.7A CN201910198863A CN110096874A CN 110096874 A CN110096874 A CN 110096874A CN 201910198863 A CN201910198863 A CN 201910198863A CN 110096874 A CN110096874 A CN 110096874A
- Authority
- CN
- China
- Prior art keywords
- program
- page
- application
- preset
- white list
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 74
- 230000015654 memory Effects 0.000 claims description 38
- 230000006870 function Effects 0.000 claims description 22
- 230000008569 process Effects 0.000 claims description 21
- 238000009434 installation Methods 0.000 claims description 9
- 238000012545 processing Methods 0.000 claims description 7
- 230000000694 effects Effects 0.000 abstract description 16
- 238000012544 monitoring process Methods 0.000 abstract description 14
- 230000010354 integration Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 17
- 230000006854 communication Effects 0.000 description 9
- 238000004891 communication Methods 0.000 description 9
- 238000011156 evaluation Methods 0.000 description 8
- 230000008859 change Effects 0.000 description 4
- 230000006399 behavior Effects 0.000 description 2
- 230000007812 deficiency Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000007175 bidirectional communication Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000003786 synthesis reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Abstract
The invention discloses a kind of program page security alarm method, apparatus, computer equipment and storage mediums, comprising: the display state of the first program of monitor terminal front stage operation, to judge whether the corresponding first program page of first program is capped;When the first program page is capped, obtain the second program page being covered on the first program page, and corresponding second program of the second program page is compared with preset program white list, to judge that second program whether there is in the preset program white list;When second program is not present in the preset program white list, Xiang Suoshu terminal sends security alarm information.The present invention avoids and is judged one by one the life cycle of activity object, using simple by monitoring each of the operation program page;Solves third party's integration problem that activity can not be modified, it is mixed in together with page logic to avoid monitoring logic, so that page switching not Caton.
Description
Technical field
The present invention relates to internet security technical fields, specifically, the present invention relates to a kind of program page security alarms
Method, apparatus, computer equipment and storage medium.
Background technique
With the rapid development of Internet technology, more and more such as Web banks, net for relying on carrier network to use
The network application in upper store or the like occurs in people's lives, provides a kind of quick convenient life style for people.But
It is, since the interests driving of click access behavior of the user on network is increasing, to lead to the general of various Pagejack behaviors
Excessively, meeting Pagejack is easy to cause userspersonal information to leak or be stolen, and damages the personal safety as well as the property safety of user.Moreover,
The monitoring page in the related technology, monitoring process complexity is cumbersome, and monitoring logic is easy mixed in together with page logic, causes
Monitoring logic may influence the execution of normal page logic, influence the performance of handoffs of the page.
Summary of the invention
The purpose of the present invention aims to solve at least one of above-mentioned technological deficiency, especially userspersonal information is easy to cause to let out
It leaks or is stolen, damage the technological deficiency of the personal safety as well as the property safety of user.
In order to solve the above technical problems, the present invention provides a kind of program page security alarm methods, comprising the following steps:
The display state of first program of monitor terminal front stage operation, to judge corresponding first program of first program
Whether the page is capped;
When the first program page is capped, the second program page being covered on the first program page is obtained
Face, and corresponding second program of the second program page is compared with preset program white list, described in judgement
Second program whether there is in the preset program white list;
When second program is not present in the preset program white list, Xiang Suoshu terminal sends security alarm
Information.
Optionally, the display state of the first program of the monitor terminal front stage operation, to judge first program pair
The step whether first program page answered is capped, further includes:
One is created in the object of the Application class in first program is built-in with onTrimMemory readjustment
The Application derived class of function, and initialization is carried out to the global variable value in the Application derived class and is set
It sets;
Whether the global variable value monitored in the Application derived class changes, to realize to first program
Carry out global monitoring;
When the global variable value in the Application derived class changes, call the Application after
The onTrimMemory call back function in class is held, to judge whether the corresponding first program page of first program is capped.
Optionally, the onTrimMemory call back function in the Application derived class is called, to judge described
When whether the corresponding first program page of one program is capped, further includes:
Identify the memory use state of first program;
When the memory use state of first program is hidden for all UI components in low memory and process, sentence
The corresponding first program page of first program of breaking is capped.
Optionally, described to compare corresponding second program of the second program page with preset program white list
It is right, to judge second program with the presence or absence of the step in the preset program white list, further includes:
Obtain the corresponding application package name of second program;
The preset program white list is traversed according to the application package name, to judge that the application package name is
It is no to be present in the preset program white list.
Optionally, comprise at least one of the following application program in the preset program white list: the system in terminal is answered
Reach the third party application of terminal preset threshold with program and confidence level.
Optionally, corresponding second program of the second program page is being compared with preset program white list
Before, further includes:
Obtain the mounted program listing of terminal;
Application program in described the application list is identified, to judge whether the application program is that system is answered
Use program;
When the application program is system application, the system application is added to the white name of preset program
Dan Zhong, to generate the preset program white list.
Optionally, corresponding second program of the second program page is being compared with preset program white list
Before, further includes:
Collect third party application;
The confidence level of the third party application is calculated according to preset confidence level computation rule, and judges the third
Whether the confidence level of square application program reaches preset believability threshold;
When the confidence level of the third party application reaches preset believability threshold, by the third-party application journey
Sequence is added in preset program white list, to generate the preset program white list.
In order to solve the above technical problems, the present invention also provides a kind of program page security alarm devices, comprising:
Monitor module, the display state of the first program for monitor terminal front stage operation, to judge first program
Whether the corresponding first program page is capped;
Processing module, for when the first program page is capped, acquisition to be covered on the first program page
The second program page, and corresponding second program of the second program page is compared with preset program white list
It is right, to judge that second program whether there is in the preset program white list;
Execution module, for when second program is not present in the preset program white list, to the end
End sends security alarm information.
Optionally, described program Pages Security alarm device further include:
First Initialize installation submodule, for being created in the object of the Application class in first program
One is built-in with the Application derived class of onTrimMemory call back function, and in the Application derived class
Global variable value carry out Initialize installation;
First monitors submodule, for monitoring whether the global variable value in the Application derived class changes, with
It realizes and global monitoring is carried out to first program;
First calls submodule, for adjusting when the global variable value in the Application derived class changes
With the onTrimMemory call back function in the Application derived class, to judge first program corresponding first
Whether the program page is capped.
Optionally, described program Pages Security alarm device further include:
First identifies submodule, for identification the memory use state of first program;
First judging submodule is the institute in low memory and process for the memory use state when first program
When thering is UI component to be hidden, judge that the corresponding first program page of first program is capped.
Optionally, described program Pages Security alarm device further include:
First acquisition submodule, for obtaining the corresponding application package name of second program;
Second judgment submodule, for traversing the preset program white list according to the application package name, to sentence
The application package name of breaking whether there is in the preset program white list.
Optionally, in described program Pages Security alarm device, in the preset program white list include it is following at least
A kind of application program: system application and confidence level in terminal reach the third party application of terminal preset threshold.
Optionally, described program Pages Security alarm device further include:
Second acquisition submodule, for obtaining the mounted program listing of terminal;
Second identification submodule, for being identified to the application program in described the application list, described in judgement
Whether application program is system application;
First addition submodule, is used for when the application program is system application, by the system application
It is added in preset program white list, to generate the preset program white list.
Optionally, described program Pages Security alarm device further include:
First collects submodule, for collecting third party application;
Third judging submodule, for according to preset confidence level computation rule calculate the third party application can
Reliability, and judge whether the confidence level of the third party application reaches preset believability threshold;
Second addition submodule, reaches preset believability threshold for the confidence level when the third party application
When, the third party application is added in preset program white list, to generate the preset program white list.
In order to solve the above technical problems, the present invention also provides a kind of computer equipment, including memory and processor, it is described
Computer-readable instruction is stored in memory, when the computer-readable instruction is executed by the processor, so that the place
Manage the step of device executes above procedure Pages Security alarm method.
In order to solve the above technical problems, the present invention also provides a kind of storage medium for being stored with computer-readable instruction, institute
When stating computer-readable instruction and being executed by one or more processors, so that one or more processors execute the above procedure page
The step of security alarm method.
The beneficial effects of the present invention are:
The present invention passes through the display state of the first program of monitor terminal front stage operation, to judge that first program is corresponding
The first program page whether be capped;When the first program page is capped, obtains and cover the first program page
The second program page, and corresponding second program of the second program page is compared with preset program white list
It is right, to judge that second program whether there is in the preset program white list;When second program is not present in
When in the preset program white list, Xiang Suoshu terminal sends security alarm information.So, the present invention can monitor
To when having the rogue program page to be covered on above the page of terminal current operation program, security alarm letter is sent to terminal in time
Breath, to prompt user to judge whether the current operation program page is held as a hostage, and then avoids user without knowing it by it
Personal relevant information input causes userspersonal information to leak or be stolen and damage user's into the rogue program page
The appearance of the problems such as personal safety as well as the property safety.
The additional aspect of the present invention and advantage will be set forth in part in the description, these will become from the following description
Obviously, or practice through the invention is recognized.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment
Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for
For those skilled in the art, without creative efforts, it can also be obtained according to these attached drawings other attached
Figure.
Fig. 1 is the basic skills flow diagram of program page security alarm method provided in an embodiment of the present invention;
Fig. 2 is to judge whether the first program page is coated in program page security alarm method provided in an embodiment of the present invention
A kind of method flow schematic diagram when lid;
Fig. 3 is in program page security alarm method provided in an embodiment of the present invention according to onTrimMemory call back function
A kind of method flow schematic diagram when whether the first program page is capped judged;
Fig. 4 is to judge that second program whether there is in program page security alarm method provided in an embodiment of the present invention
In a kind of method flow schematic diagram of the preset program white list;
Fig. 5 is when generating preset program white list in program page security alarm method provided in an embodiment of the present invention
A kind of method flow schematic diagram;
Fig. 6 is when generating preset program white list in program page security alarm method provided in an embodiment of the present invention
Another method flow schematic diagram;
Fig. 7 is program page security alarm device basic structure block diagram provided in an embodiment of the present invention;
Fig. 8 is computer equipment basic structure block diagram provided in an embodiment of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, below in conjunction in the embodiment of the present invention
Attached drawing, technical scheme in the embodiment of the invention is clearly and completely described.
In some processes of the description in description and claims of this specification and above-mentioned attached drawing, contain according to
Multiple operations that particular order occurs, but it should be clearly understood that these operations can not be what appears in this article suitable according to its
Sequence is executed or is executed parallel, and the serial number of the operation is only used for distinguishing each different operation, serial number not generation itself
Table it is any execute sequence.In addition, these processes may include more or fewer operations, and these operations can be in order
It executes or executes parallel.It should be noted that the description such as herein " first ", " second ", be for distinguish different message,
Equipment, module etc. do not represent sequencing, also do not limit " first " and " second " and are different type.
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, those skilled in the art's every other embodiment obtained under the premise of no creative work,
It shall fall within the protection scope of the present invention.
Embodiment
Those skilled in the art of the present technique are appreciated that " terminal " used herein above, " terminal device " both include wireless communication
The equipment of number receiver, only has the equipment of the wireless signal receiver of non-emissive ability, and including receiving and emitting hardware
Equipment, have on bidirectional communication link, can execute two-way communication reception and emit hardware equipment.This equipment
It may include: honeycomb or other communication equipments, shown with single line display or multi-line display or without multi-line
The honeycomb of device or other communication equipments;PCS (Personal Communications Service, PCS Personal Communications System), can
With combine voice, data processing, fax and/or communication ability;PDA (Personal Digital Assistant, it is personal
Digital assistants), it may include radio frequency receiver, pager, the Internet/intranet access, web browser, notepad, day
It goes through and/or GPS (Global Positioning System, global positioning system) receiver;Conventional laptop and/or palm
Type computer or other equipment, have and/or the conventional laptop including radio frequency receiver and/or palmtop computer or its
His equipment." terminal " used herein above, " terminal device " can be it is portable, can transport, be mounted on the vehicles (aviation,
Sea-freight and/or land) in, or be suitable for and/or be configured in local runtime, and/or with distribution form, operate in the earth
And/or any other position operation in space." terminal " used herein above, " terminal device " can also be communication terminal, on
Network termination, music/video playback terminal, such as can be PDA, MID (Mobile Internet Device, mobile Internet
Equipment) and/or mobile phone with music/video playing function, it is also possible to the equipment such as smart television, set-top box.
The user terminal referred in the present embodiment is above-mentioned terminal.
Referring to Fig. 1, the basic skills process that Fig. 1 is program page security alarm method provided in an embodiment of the present invention is shown
It is intended to.
As shown in Figure 1, described program Pages Security alarm method, comprising the following steps:
S100: the display state of the first program of monitor terminal front stage operation, to judge first program corresponding
Whether the one program page is capped.
In the application, Activity is most basic display module, referred to as " activity ", and an Activity is usual
A corresponding individual screen.In the present embodiment, the background server of terminal passes through the first journey of monitor terminal front stage operation
All Activity objects in sequence carry out the display state of the first program of monitor terminal front stage operation, to judge described
Whether its corresponding first program page is covered one program by the second program page in the process of running.When first program
When the page is covered by the second program page, illustrate that the first program page enters running background.Second program page
Face is the corresponding program page of at least one random procedure other than the program page in first program.
S200: when the first program page is capped, the second journey being covered on the first program page is obtained
The sequence page, and corresponding second program of the second program page is compared with preset program white list, with judgement
Second program whether there is in the preset program white list.
In the present embodiment, when judging that the first program page is covered by the second program page, by the end
The background server at end obtains the second program page, then carries out identification to the second program page again and show that its is corresponding
Second program, such as you can get it described the by the header information in the corresponding page address in identification second program page face
The corresponding program information of second program corresponding to the two program pages.Identification obtain the corresponding program information of the second program it
Afterwards, according to the corresponding program information of second program, second program is compared with preset program white list, from
And judges second program and whether there is in the preset program white list.For example, according to the spy of second program
Sign identification information traverses the program in the preset program white list, and whether compare has in the preset program white list
The program consistent with the signature identification information of second program, if so, it is described pre- then to prove that second program is present in
If program white list in.The signature identification information of second program is to characterize the unique identification of second program.
S300: when second program is not present in the preset program white list, Xiang Suoshu terminal sends peace
Full warning information.
In the present embodiment, when second program is not present in the preset program white list, described in explanation
Second program may be the rogue program of intentional attack terminal, and risk is higher, at this point, being touched by the terminal background server
The alarm event built in it is sent out, Xiang Suoshu terminal foreground sends security alarm information, judges current operation with warning terminal user
Whether the program page is held as a hostage.The security alarm information can be popping up safety in the form of prompt window or call tag
Warning information is simultaneously showed in the terminal foreground.For example, being shown " after APP has entered using prompt window on the terminal foreground
The security alarm information of the printed words such as platform operation, if enter Pages Security inspection ".Moreover, when the prompt window is showed in institute
When stating terminal foreground, the terminal foreground program page is locked, operation can not be executed, when the user clicks in the prompt window
Instruction button after could restore that the function of operating can be performed, the instruction button in the prompt window includes "Yes" and "No"
Two buttons.
Program page security alarm method described in above-described embodiment is by being covered on having listened to the rogue program page
When above the page of terminal current operation program, security alarm information is sent to terminal in time, to prompt the current fortune of user's judgement
Whether the line program page is held as a hostage, and then avoids user without knowing it by the relevant information input of its people to malice
The appearance for the problems such as causing userspersonal information to leak or be stolen and damage the personal safety as well as the property safety of user in the program page.
In some embodiments, referring to Fig. 2, Fig. 2 is program page security alarm method provided in an embodiment of the present invention
A kind of middle method flow schematic diagram judged when whether the first program page is capped.
As shown in Fig. 2, the step S100 further includes step S110 to step S130.Wherein, S110: in first journey
Created in the object of Application class in sequence Application that one is built-in with onTrimMemory call back function after
Class is held, and Initialize installation is carried out to the global variable value in the Application derived class.S120: described in monitoring
Whether the global variable value in Application derived class changes, and carries out global monitoring to first program to realize.
S130: when the global variable value in the Application derived class changes, the Application is called to inherit
OnTrimMemory call back function in class, to judge whether the corresponding first program page of first program is capped.
Application class is to save global variable and the basic class that designs, as Activity and Service
When Android frame in a system component, when be located at the android system in application program launching when, system meeting
The object of an Application class corresponding with the application program is automatically created, and only creates one, for storing system
Some global informations of system.In addition, system will also create a process, so that all in the application program having been turned on
Activity can be run in the process.In this way, the global change in the object for passing through the initialization Application class
Amount, can make all Activity in the same application program that can acquire these global variables.It ought apply
Global variable value in some Activity of program changes, then other Activity's in the application program is complete
Office's variate-value can also change correspondingly.
In the present embodiment, the background server of the terminal is by the methods of override in first program
An Application derived class is created in the object of Application class, to complete in the Application derived class
Office's variate-value carries out Initialize installation, and onTrimMemory is arranged in the Application derived class of the creation and returns
Letter of transfer number, the onTrimMemory call back function is for instructing application APP to carry out memory in the case where different memories
Release.After global variable value in the Application derived class described in Initialize installation, due to some of application program
Global variable value in Activity changes, and the global variable value that will lead to other Activity also changes correspondingly, therefore,
By monitoring whether the global variable value in the Application derived class changes, first program is carried out to realize
The overall situation is monitored.When the global variable value in the Application class changes, illustrate that program is possible to meeting because of quilt at this time
Other applications cover and enter running background, at this point it is possible to by calling in the Application derived class
OnTrimMemory call back function to judge whether the corresponding first program page of first program is capped, and then determines
Whether first program enters running background.
It in the present embodiment, is the program page provided in an embodiment of the present invention security alarm side also referring to Fig. 3, Fig. 3
A kind of method flow schematic diagram when judging whether the first program page is capped according to onTrimMemory call back function in method.
As shown in figure 3, the step S130 further includes step S131 to S132.Wherein, S131: identification first program
Memory use state.S132: when the memory use state of first program is all UI groups in low memory and process
When part is hidden, judge that the corresponding first program page of first program is capped, that is, after determining that first program enters
Platform operation.
In the present embodiment, the background server of the terminal is by calling in the Application derived class
OnTrimMemory call back function, to identify the memory of first program from fine-grained Memory recycle management readjustment API
Use state, the memory use state are broadly divided into following four state: owning in application program low memory and process
UI component is hidden, application program low memory and process are in background process list, application program low memory and process
In the middle part of background process list and application program low memory and process background process list the last one, it is at once clear
Reason.Wherein, the generation of the first state representation application program is visible sexually revises and reflects application program thence into running background;And
Three kinds of states next then characterize application program and run and reflect position of the application program in background program list in the background.
When the result of onTrimMemory call back function output is that all UI components are hidden in application program low memory and process
When hiding, judge that the corresponding first program page of first program is capped, first program enters running background.
Above-described embodiment is by monitoring whether the global variable value of activity in the Application derived class becomes
Change, may be implemented to carry out first program global monitoring, avoid the Onstop Life Cycle to single activity object
Phase is monitored and is judged one by one, so that snoop procedure is simple and fast;Solve activity by third party sdk band or
Broken into aar and caused by the third party's integration problem that can not be modified;And it avoids snoop logic and mixes with page logic
Together, so that page switching not Caton.
In some embodiments, referring to Fig. 4, Fig. 4 is program page security alarm method provided in an embodiment of the present invention
Middle judgement second program whether there is in a kind of method flow schematic diagram of the preset program white list.
As shown in figure 4, told step S200 further includes step S210 to step S220.Wherein, S210: described second is obtained
The corresponding application package name of program.S220: the preset program white list is traversed according to the application package name, to sentence
The application package name of breaking whether there is in the preset program white list.
In the present embodiment, obtain the corresponding program information of the second program corresponding to the second program page it
Afterwards, by the background server of the terminal by the way that the corresponding program information of second program is input to the terminal built-in
In api interface for inquiry application packet name information, with from the api interface for inquiry application packet name information
Middle retrieval obtains the corresponding application package name of second program, then traverses further according to the application package name described pre-
If program white list, the application package name whether having in the preset program white list with second program compared
Consistent program, to judge that the application package name whether there is in the preset white name of program according to comparison result
Dan Zhong.Wherein, when having the consistent journey of application package famous prime minister with second program in the preset program white list
When sequence, then judge that second program is present in the preset program white list.
In some embodiments, by corresponding second program of the second program page and preset program white list
Before being compared, it is also necessary to generate preset program white list according to certain create-rule, with for be covered on it is described
The second program page on the first program page is compared.In the present embodiment, include in the preset program white list
The system application and confidence level of terminal reach at least one of the third party application of terminal preset threshold.
In the present embodiment, referring to Fig. 5, Fig. 5 is in program page security alarm method provided in an embodiment of the present invention
Generate a kind of method flow schematic diagram when preset program white list.
As shown in figure 5, when in the preset program white list including the system application of terminal, the step
It can also include step S400 to step S600 before S200.Wherein, S400: the mounted program listing of terminal is obtained.S500:
Application program in described the application list is identified one by one, to judge whether the application program is system application journey
Sequence.S600: when the application program is system application, the system application is added to the white name of preset program
Dan Zhong, to generate the preset program white list.
In the present embodiment, it is inquired by the background server of the terminal by all memory spaces to terminal,
The program that can be run in the terminal is obtained, and the program of the acquisition is ranked up according to application package name, is generated
Program listing, to acquire the mounted program listing of the terminal.Then, by being arranged for filtering out system application
The program of program screens logic, and screens logic according to described program and carry out one to the application program in described the application list
One identification, for example, judging the app.flags&ApplicationInfo.FLAG_SYSTEM of each application program)!Value whether be
0, if so, indicating that the application program is system application, then the application package name of the application program is obtained and records, as general
After application program in described the application list has all identified, the application program of all application programs that will acquire and record
In the preset program white list of Bao Mingzhi, to generate the preset program white list.It is in the preset program white list
The application program of safety.
In the present embodiment, referring to Figure 6 together, Fig. 6 is the program page provided in an embodiment of the present invention security alarm side
Another method flow schematic diagram when preset program white list is generated in method.
As shown in fig. 6, as the third party for reaching terminal preset threshold in the preset program white list including confidence level
It can also include step S700 to step S900 before the step S200 when application program.Wherein, S700: third party is collected
Application program.S800: the confidence level of the third party application is calculated according to preset confidence level computation rule, and judges institute
Whether the confidence level for stating third party application reaches preset believability threshold.S900: when the third party application
When confidence level reaches preset believability threshold, the third party application is added in preset program white list, with
Generate the preset program white list.
In the present embodiment, the background server of the terminal can collect third-party application by way of web crawlers
Program, and include the application package name for collecting the third party application, source when collecting third party application
The relevant informations such as company information, user's in-service evaluation, download time.The related letter of the third party application is obtained collecting
After breath, according to preset confidence level computation rule, confidence level calculating is carried out to each third party application come is collected,
After its corresponding confidence level out to be calculated, judge whether the confidence level of the calculated third party application reaches eventually
Pre-set believability threshold requirement in end.When the confidence level of the third party application reaches preset believability threshold
When, illustrate that the third party application is safe.It is obtained by terminal background server and records the third party application pair
The application package name answered, when the third party application come to all collections all judges whether its confidence level reaches in terminal
It is safe third party by the identification for being obtained and being recorded by terminal background server after pre-set believability threshold requires
Application program is added in preset program white list, to generate the preset program white list.
In the present embodiment, the preset confidence level computation rule can according to the third party application come
The relevant informations such as source company information, user's in-service evaluation, download time calculate.For example, according to above-mentioned three relevant informations point
Not Ji Suan confidence level score value, the weight that shared by the pre-set each single item relevant information of synthesis confidence level calculates finally determines
The confidence level of the calculated third party application.According to the source enterprise popularity in the third party application
Come when calculating confidence level, the preset confidence level computation rule are as follows: source popularity of enterprise is divided into five stars,
In, a star is 20 points, and two stars are 40 points, and three-star is 60 points, and four-star is 80 points, and five-star is 100 points, and source is looked forward to
Industry popularity be arranged weight be 35%, at this point, if the source enterprise popularity of the third party application be it is three-star, should
Third party application calculated confidence score in this information of source enterprise information is 21 points.According to described
User's in-service evaluation in tripartite's application program is come when calculating confidence level, the preset confidence level computation rule are as follows: will use
Family in-service evaluation is also classified into five stars, wherein a star is 20 points, and two stars are 40 points, and three-star is 60 points, four-star to be
80 points, five-star is 100 points, and user's in-service evaluation setting weight is 35%, at this point, if the use of the third party application
Family in-service evaluation is four-star, the then third party application calculated confidence level in this information of user's in-service evaluation
It is scored at 28 points.When according to the download time in the third party application to calculate confidence level, it is described it is preset can
Reliability computation rule are as follows: download time is divided into five ranks, wherein 5,000 person-times or less ranks are 20 points, 5,000-2 ten thousand person-times
Rank is 40 points, and 20,000-5 ten thousand person-times of people ranks are 60 points, and 50,000-10 ten thousand person-times of people ranks are 80 points, and 10 hundred million person-times with higher level
Wei not be 100 points, and user's in-service evaluation setting weight is 40%, at this point, if the download time of the third party application is 8
Ten thousand+person-time, then the third party application calculated confidence score in this information of download time is 28 points.It is comprehensive
Three relevant informations show that the confidence level of the third party application is 77 points, at this point, can if pre-set in terminal
Confidence threshold is 75 points, then 77 points of > 75 divide, and judge that the confidence level of the third party application reaches preset confidence level threshold
Value, that is, illustrate that the third party application is safe.
The embodiment of the present invention also provides a kind of program page security alarm device to solve above-mentioned technical problem.Please specifically it join
Fig. 7 is read, Fig. 7 is program page security alarm device basic structure block diagram provided in an embodiment of the present invention.
As shown in fig. 7, a kind of program page security alarm device, comprising: monitor module, processing module and execute mould
Block.Wherein, the display state monitored module and be used for the first program of monitor terminal front stage operation, to judge first journey
Whether the corresponding first program page of sequence is capped;The processing module is used to obtain when the first program page is capped
Take the second program page being covered on the first program page, and by corresponding second program of the second program page
It is compared with preset program white list, to judge that second program whether there is in the preset program white list
In;The execution module is used for the Xiang Suoshu terminal when second program is not present in the preset program white list
Send security alarm information.
Program page security alarm device described in above-described embodiment is by being covered on having listened to the rogue program page
When above the page of terminal current operation program, security alarm information is sent to terminal in time, to prompt the current fortune of user's judgement
Whether the line program page is held as a hostage, and then avoids user without knowing it by the relevant information input of its people to malice
The appearance for the problems such as causing userspersonal information to leak or be stolen and damage the personal safety as well as the property safety of user in the program page.
In some embodiments, described program Pages Security alarm device further include: the first Initialize installation submodule,
One, which monitors submodule and first, calls submodule.Wherein, the first Initialize installation submodule is used in first program
In Application class object in the Application that is built-in with onTrimMemory call back function of creation one inherit
Class, and Initialize installation is carried out to the global variable value in the Application derived class;Described first, which monitors submodule, uses
Whether change in the global variable value monitored in the Application derived class, first program is carried out entirely with realizing
Office monitors;Described first calls submodule to be used for when the global variable value in the Application derived class changes,
The onTrimMemory call back function in the Application derived class is called, to judge first program corresponding
Whether the one program page is capped.
In some embodiments, described program Pages Security alarm device further include: the first identification submodule and first is sentenced
Disconnected submodule.Wherein, the memory use state of the first identification submodule first program for identification;Described first sentences
Disconnected submodule is used to be hidden when the memory use state of first program for all UI components in low memory and process
When, judge that the corresponding first program page of first program is capped.
In some embodiments, described program Pages Security alarm device further include: the first acquisition submodule and second is sentenced
Disconnected submodule.Wherein, first acquisition submodule is for obtaining the corresponding application package name of second program;Described
Two judging submodules are used to traverse the preset program white list according to the application package name, described using journey to judge
Sequence packet name whether there is in the preset program white list.
In some embodiments, in described program Pages Security alarm device, include in the preset program white list
Following at least one application program: the third party that system application and confidence level in terminal reach terminal preset threshold answers
Use program.
In some embodiments, described program Pages Security alarm device further include: the second acquisition submodule, the second identification
Submodule and the first addition submodule.Wherein, second acquisition submodule is for obtaining the mounted program listing of terminal;Institute
The second identification submodule is stated for identifying to the application program in described the application list, to judge the application program
It whether is system application;The first addition submodule is used for when the application program is system application, by institute
It states system application to be added in preset program white list, to generate the preset program white list.
In some embodiments, described program Pages Security alarm device further include: first collects submodule, third judgement
Submodule and the second addition submodule.Wherein, the first collection submodule is for collecting third party application;The third
Judging submodule is used to calculate the confidence level of the third party application according to preset confidence level computation rule, and judges institute
Whether the confidence level for stating third party application reaches preset believability threshold;The second addition submodule is used for when described
When the confidence level of third party application reaches preset believability threshold, the third party application is added to preset
In program white list, to generate the preset program white list.
In order to solve the above technical problems, the embodiment of the invention also provides a kind of computer equipments.Referring specifically to Fig. 8,
Fig. 8 is computer equipment basic structure block diagram provided in an embodiment of the present invention.
As shown in figure 8, the schematic diagram of internal structure of computer equipment.As shown in figure 8, the computer equipment includes passing through to be
Processor, non-volatile memory medium, memory and the network interface of bus of uniting connection.Wherein, the computer equipment is non-easy
The property lost storage medium is stored with operating system, database and computer-readable instruction, can be stored with control information sequence in database
Column, when which is executed by processor, may make processor to realize a kind of program page security alarm method.It should
The processor of computer equipment supports the operation of entire computer equipment for providing calculating and control ability.The computer is set
It can be stored with computer-readable instruction in standby memory, when which is executed by processor, may make processing
Device executes a kind of program page security alarm method.The network interface of the computer equipment is used for and terminal connection communication.Ability
Field technique personnel are appreciated that structure shown in Fig. 8, only the block diagram of part-structure relevant to application scheme, and
The restriction for the computer equipment being applied thereon to application scheme is not constituted, and specific computer equipment may include than figure
Shown in more or fewer components, perhaps combine certain components or with different component layouts.
In the present embodiment, the processor monitors module 10, processing module 20 and execution module 30 for executing in Fig. 7
Concrete function, and the memory is stored with program code and Various types of data needed for executing above-mentioned module.The network connects
Mouth to the data between user terminal or server for transmitting.Memory in the present embodiment is stored with program Pages Security announcement
Program code needed for executing all submodules in alarm device and data, server are capable of the program code and number of invoking server
According to the function of executing all submodules.
Computer equipment described in above-described embodiment is by currently transporting having listened to the rogue program page and be covered on terminal
When above the page of line program, security alarm information is sent to terminal in time, to prompt user to judge the current operation program page
Whether it is held as a hostage, and then avoids user without knowing it by the relevant information input of its people into the rogue program page
And the appearance for the problems such as causing userspersonal information to leak or be stolen and damage the personal safety as well as the property safety of user.
The present invention also provides a kind of storage mediums for being stored with computer-readable instruction, and the computer-readable instruction is by one
When a or multiple processors execute, so that one or more processors execute any of the above-described embodiment described program Pages Security and accuse
The step of alarm method.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, which can be stored in a computer-readable storage and be situated between
In matter, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, storage medium above-mentioned can be
The non-volatile memory mediums such as magnetic disk, CD, read-only memory (Read-Only Memory, ROM) or random storage note
Recall body (Random Access Memory, RAM) etc..
It should be understood that although each step in the flow chart of attached drawing is successively shown according to the instruction of arrow,
These steps are not that the inevitable sequence according to arrow instruction successively executes.Unless expressly stating otherwise herein, these steps
Execution there is no stringent sequences to limit, can execute in the other order.Moreover, at least one in the flow chart of attached drawing
Part steps may include that perhaps these sub-steps of multiple stages or stage are not necessarily in synchronization to multiple sub-steps
Completion is executed, but can be executed at different times, execution sequence, which is also not necessarily, successively to be carried out, but can be with other
At least part of the sub-step or stage of step or other steps executes in turn or alternately.
The above is only some embodiments of the invention, it is noted that for the ordinary skill people of the art
For member, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also answered
It is considered as protection scope of the present invention.
Claims (10)
1. a kind of program page security alarm method, which comprises the following steps:
The display state of first program of monitor terminal front stage operation, to judge the corresponding first program page of first program
Whether it is capped;
When the first program page is capped, the second program page being covered on the first program page is obtained, and
Corresponding second program of the second program page is compared with preset program white list, to judge second journey
Sequence whether there is in the preset program white list;
When second program is not present in the preset program white list, Xiang Suoshu terminal sends security alarm letter
Breath.
2. program page security alarm method according to claim 1, which is characterized in that the monitor terminal front stage operation
The first program display state, to judge step that whether the corresponding first program page of first program is capped, also
Include:
One, which is created, in the object of the Application class in first program is built-in with onTrimMemory call back function
Application derived class, and in the Application derived class global variable value carry out Initialize installation;
Whether the global variable value monitored in the Application derived class changes, and is carried out with realizing to first program
The overall situation is monitored;
When the global variable value in the Application derived class changes, the Application derived class is called
In onTrimMemory call back function, to judge whether the corresponding first program page of first program is capped.
3. program page security alarm method according to claim 2, which is characterized in that call the Application
OnTrimMemory call back function in derived class, to judge whether the corresponding first program page of first program is capped
When, further includes:
Identify the memory use state of first program;
When the memory use state of first program is hidden for all UI components in low memory and process, institute is judged
It is capped to state the corresponding first program page of the first program.
4. program page security alarm method according to claim 1, which is characterized in that described by second program page
Corresponding second program in face is compared with preset program white list, to judge that second program whether there is in described
Step in preset program white list, further includes:
Obtain the corresponding application package name of second program;
The preset program white list is traversed according to the application package name, to judge whether the application package name deposits
It is in the preset program white list.
5. program page security alarm method according to claim 1, which is characterized in that the preset program white list
In comprise at least one of the following application program: system application and confidence level in terminal reach the of terminal preset threshold
Tripartite's application program.
6. program page security alarm method according to claim 5, which is characterized in that by the second program page
Before corresponding second program is compared with preset program white list, further includes:
Obtain the mounted program listing of terminal;
Application program in described the application list is identified, to judge whether the application program is system application journey
Sequence;
When the application program is system application, the system application is added to preset program white list
In, to generate the preset program white list.
7. program page security alarm method according to claim 5, which is characterized in that by the second program page
Before corresponding second program is compared with preset program white list, further includes:
Collect third party application;
The confidence level of the third party application is calculated according to preset confidence level computation rule, and judges that the third party answers
Whether reach preset believability threshold with the confidence level of program;
When the confidence level of the third party application reaches preset believability threshold, the third party application is added
It adds in preset program white list, to generate the preset program white list.
8. a kind of program page security alarm device characterized by comprising
Monitor module, the display state of the first program for monitor terminal front stage operation, to judge that first program is corresponding
The first program page whether be capped;
Processing module, for when the first program page is capped, obtaining be covered on the first program page the
The two program pages, and corresponding second program of the second program page is compared with preset program white list, with
Judge that second program whether there is in the preset program white list;
Execution module, for when second program is not present in the preset program white list, Xiang Suoshu terminal to be sent out
Send security alarm information.
9. a kind of electronic equipment, including memory and processor, computer-readable instruction, the meter are stored in the memory
When calculation machine readable instruction is executed by the processor, so that the processor executes described in 1 to 7 any one of the claims
Program page security alarm method.
10. a kind of storage medium for being stored with computer-readable instruction, the computer-readable instruction is handled by one or more
When device executes, so that one or more processors execute program described in any one of the claims 1 to 7 claim
Pages Security alarm method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910198863.7A CN110096874A (en) | 2019-03-15 | 2019-03-15 | Program page security alarm method, apparatus, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910198863.7A CN110096874A (en) | 2019-03-15 | 2019-03-15 | Program page security alarm method, apparatus, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110096874A true CN110096874A (en) | 2019-08-06 |
Family
ID=67443071
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910198863.7A Pending CN110096874A (en) | 2019-03-15 | 2019-03-15 | Program page security alarm method, apparatus, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110096874A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114463730A (en) * | 2021-07-15 | 2022-05-10 | 荣耀终端有限公司 | Page identification method and terminal equipment |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150281260A1 (en) * | 2013-03-07 | 2015-10-01 | Inquest | Integrated network threat analysis |
| US20150286485A1 (en) * | 2012-12-20 | 2015-10-08 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus, and system for human-machine interaction |
| CN107707768A (en) * | 2017-10-27 | 2018-02-16 | 广东欧珀移动通信有限公司 | The processing method and Related product of running game application |
| CN107995156A (en) * | 2017-10-18 | 2018-05-04 | 东软集团股份有限公司 | Pagejack processing method and processing device, storage medium, electronic equipment |
| CN108196930A (en) * | 2018-01-18 | 2018-06-22 | 腾讯科技(深圳)有限公司 | Applied program processing method, device, storage medium and computer equipment |
| CN108345486A (en) * | 2018-01-31 | 2018-07-31 | 上海连尚网络科技有限公司 | A kind of interface covering method, equipment and readable medium |
| US20180268129A1 (en) * | 2017-03-16 | 2018-09-20 | AVAST Software s.r.o. | Detecting suspicious application overlays on a device |
| CN108920266A (en) * | 2018-06-27 | 2018-11-30 | 努比亚技术有限公司 | program switching method, intelligent terminal and computer readable storage medium |
| CN109062626A (en) * | 2018-07-09 | 2018-12-21 | 北京奇艺世纪科技有限公司 | Exchange method, device and the equipment of Web page component and Native component |
-
2019
- 2019-03-15 CN CN201910198863.7A patent/CN110096874A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150286485A1 (en) * | 2012-12-20 | 2015-10-08 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus, and system for human-machine interaction |
| US20150281260A1 (en) * | 2013-03-07 | 2015-10-01 | Inquest | Integrated network threat analysis |
| US20180268129A1 (en) * | 2017-03-16 | 2018-09-20 | AVAST Software s.r.o. | Detecting suspicious application overlays on a device |
| CN107995156A (en) * | 2017-10-18 | 2018-05-04 | 东软集团股份有限公司 | Pagejack processing method and processing device, storage medium, electronic equipment |
| CN107707768A (en) * | 2017-10-27 | 2018-02-16 | 广东欧珀移动通信有限公司 | The processing method and Related product of running game application |
| CN108196930A (en) * | 2018-01-18 | 2018-06-22 | 腾讯科技(深圳)有限公司 | Applied program processing method, device, storage medium and computer equipment |
| CN108345486A (en) * | 2018-01-31 | 2018-07-31 | 上海连尚网络科技有限公司 | A kind of interface covering method, equipment and readable medium |
| CN108920266A (en) * | 2018-06-27 | 2018-11-30 | 努比亚技术有限公司 | program switching method, intelligent terminal and computer readable storage medium |
| CN109062626A (en) * | 2018-07-09 | 2018-12-21 | 北京奇艺世纪科技有限公司 | Exchange method, device and the equipment of Web page component and Native component |
Non-Patent Citations (2)
| Title |
|---|
| JUN LI 等: "App Genome: Callback Sequencing in Android", 《2017 IEEE/ACM 39TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING COMPANION (ICSE-C)》, 28 May 2017 (2017-05-28), pages 149 - 151, XP033113059, DOI: 10.1109/ICSE-C.2017.82 * |
| 杨哲慜: "Java语言的程序漏洞检测与诊断技术", 《中国博士学位论文全文数据库 信息科技辑》, no. 3, 15 March 2015 (2015-03-15), pages 138 - 12 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114463730A (en) * | 2021-07-15 | 2022-05-10 | 荣耀终端有限公司 | Page identification method and terminal equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2017118340A1 (en) | Notification message processing method and apparatus | |
| CN109492423A (en) | Method, apparatus, computer equipment and the storage medium of sensitive information filtering | |
| CN108140088A (en) | Disable the extension of malice browser | |
| KR20190046960A (en) | A method, device and mobile terminal for associating a notification message | |
| CN111597065B (en) | Method and device for collecting equipment information | |
| CN113032766B (en) | Application authority management method and device | |
| CN111291206B (en) | Method and device for marking house source, electronic equipment and storage medium | |
| CN110471738A (en) | Method for switching theme, device, electronic equipment and the storage medium of application program | |
| CN111596971B (en) | Application cleaning method and device, storage medium and electronic equipment | |
| CN115037709B (en) | Information processing method, apparatus, electronic device and storage medium | |
| CN110796552A (en) | Risk prompting method and device | |
| US20240089223A1 (en) | Information display method and apparatus, and electronic device | |
| CN114117225A (en) | Book recommendation method and book recommendation equipment | |
| CN110096874A (en) | Program page security alarm method, apparatus, computer equipment and storage medium | |
| CN111552620B (en) | Data acquisition method, device, terminal and storage medium | |
| CN115146815A (en) | Service processing method, device, computer and readable storage medium | |
| CN105389241B (en) | The performance test methods and system of the anti-harassment instrument of mobile terminal | |
| CN111753191A (en) | Advertisement popup intercepting method and device, electronic equipment and storage medium | |
| CN110083525A (en) | Localization method, device, computer equipment and the storage medium of RAM leakage | |
| CN110717126A (en) | Page browsing method and device, electronic equipment and computer readable storage medium | |
| CN112306487A (en) | Buried point data reporting method, device, equipment and storage medium | |
| CN114461909A (en) | Information processing method, information processing apparatus, electronic device, and storage medium | |
| CN105868182B (en) | A kind of text message processing method and device | |
| CN114513527B (en) | Information processing method, terminal equipment and distributed network | |
| TWI754627B (en) | Method and device for processing notification messages |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |