CN111563015A - Data monitoring method and device, computer readable medium and terminal equipment - Google Patents
Data monitoring method and device, computer readable medium and terminal equipment Download PDFInfo
- Publication number
- CN111563015A CN111563015A CN202010296335.8A CN202010296335A CN111563015A CN 111563015 A CN111563015 A CN 111563015A CN 202010296335 A CN202010296335 A CN 202010296335A CN 111563015 A CN111563015 A CN 111563015A
- Authority
- CN
- China
- Prior art keywords
- target
- application
- newly added
- monitoring
- monitored
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 103
- 238000000034 method Methods 0.000 title claims abstract description 57
- 230000003213 activating effect Effects 0.000 claims abstract description 7
- 238000004590 computer program Methods 0.000 claims description 10
- 230000004044 response Effects 0.000 claims description 8
- 230000004913 activation Effects 0.000 claims description 6
- 238000012790 confirmation Methods 0.000 claims description 3
- 238000012806 monitoring device Methods 0.000 claims 1
- 238000011982 device technology Methods 0.000 abstract description 2
- 230000009286 beneficial effect Effects 0.000 abstract 1
- 230000006870 function Effects 0.000 description 34
- 230000008569 process Effects 0.000 description 14
- 238000010586 diagram Methods 0.000 description 10
- 238000004891 communication Methods 0.000 description 8
- 238000012545 processing Methods 0.000 description 8
- 238000001514 detection method Methods 0.000 description 7
- 230000002452 interceptive effect Effects 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3051—Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Stored Programmes (AREA)
Abstract
The present disclosure relates to the field of electronic device technologies, and in particular, to a data monitoring method, a data monitoring apparatus, a computer-readable medium, and a terminal device. The method comprises the following steps: responding to a trigger instruction, activating a monitoring application in a target application environment, so that the monitoring application reads an application catalog of a target to be monitored in real time; when monitoring that a newly added file exists in the application directory of the target to be monitored, acquiring attribute information of the newly added file; and when the newly added file is determined to be the newly added file of the target type according to the attribute information of the newly added file, generating prompt information according to the attribute information of the newly added file of the target type, and marking the application to be monitored. The method confirms whether the target to be monitored has the hot updating function or not through the dynamic identification of the newly added file of the target type, and is beneficial to the identification of the hot updating function and the management of the corresponding application program.
Description
Technical Field
The present disclosure relates to the field of electronic device technologies, and in particular, to a data monitoring method, a data monitoring apparatus, a computer-readable medium, and a terminal device.
Background
Along with the increasing abundance of functions of intelligent terminal equipment, the dependence degree of people on the terminal equipment is also higher and higher. People can shop, talk and browse information and the like on terminal equipment such as mobile phones, tablet computers and the like through application programs. In some applications, multiple functions may be integrated, and the applications may be updated periodically or aperiodically to optimize the applications to enhance the user experience. In order to meet the functional requirements of the application program, developers of the application program increasingly use specialized SDKs (software development kits) developed by third parties to complete the functions of the application program.
However, in some prior art, most third party SDKs have hot-update functionality. Some third party SDKs utilize hot update functionality to add some malicious functionality, such as collecting user private data, downloading malicious code, and so forth. Bringing data risks to the user.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure provides a data monitoring method, a data monitoring apparatus, a computer readable medium, and a terminal device, which can dynamically identify and monitor a hot update function of an SDK, and reduce security risks.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to a first aspect of the present disclosure, there is provided a data monitoring method, comprising:
responding to a trigger instruction, activating a monitoring application in a target application environment, so that the monitoring application reads an application catalog of a target to be monitored in real time;
when monitoring that a newly added file exists in the application directory of the target to be monitored, acquiring attribute information of the newly added file;
and when the newly added file is determined to be the newly added file of the target type according to the attribute information of the newly added file, generating prompt information according to the attribute information of the newly added file of the target type, and marking the application to be monitored.
According to a second aspect of the present disclosure, there is provided a data monitoring apparatus comprising:
the activation response module is used for responding to a trigger instruction and activating the monitoring application in a target application environment so that the monitoring application can read an application catalog of a target to be monitored in real time;
the monitoring execution module is used for acquiring the attribute information of the newly added file when the newly added file exists in the application directory of the target to be monitored;
and the prompt information generation module is used for generating prompt information according to the attribute information of the newly added file of the target type and marking the application to be monitored when the newly added file is determined to be the newly added file of the target type according to the attribute information of the newly added file.
According to a third aspect of the present disclosure, a computer-readable medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, is adapted to carry out the above-mentioned data monitoring method.
According to a fourth aspect of the present disclosure, there is provided a terminal device comprising:
one or more processors;
a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the data monitoring method described above.
According to the data monitoring method provided by the embodiment of the disclosure, the file directory corresponding to the application program to be monitored is monitored in real time, so that when a new file exists in the file directory, the new file can be read and identified in real time, and whether the application to be monitored has a hot update function can be judged according to the identification result of the new file. And whether the target to be monitored has the hot updating function or not is confirmed by dynamically identifying the newly added file of the target type, so that the identification of the hot updating function and the management of the corresponding application program are facilitated.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
FIG. 1 schematically illustrates a flow diagram of a data monitoring method in an exemplary embodiment of the disclosure;
FIG. 2 schematically illustrates a system architecture diagram in an exemplary embodiment of the disclosure;
FIG. 3 schematically illustrates a schematic composition diagram of a data monitoring apparatus in an exemplary embodiment of the present disclosure;
fig. 4 schematically illustrates a system structure diagram of a terminal device in an exemplary embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
For an Android system, many developers of APK (Android application package) need to integrate specialized SDKs (Software Development kits) developed by a third party to complete functions of the developers. The third-party SDK is introduced into a double-edged sword, so that convenience is brought, and more security threats are brought. Especially, if the third-party SDKs with the hot updating function are not monitored safely, many malicious functions can be added after the SDKs are updated hot, and the third-party SDKs are used for collecting user privacy, downloading malicious codes of hackers, being used as backdoors, even attacking systems and the like. So that APK developers who integrate SDKs are also implicated. Therefore, there is an increasing need for detecting whether the third-party SDK has the function of hot update. When detecting that the third-party SDK has the hot updating function, the original APK developer can require the SDK supplier to remove the hot updating function. The existing method for detecting whether the third-party SDK has the hot update function generally adopts a manual detection mode. For example, whether the APK integrated with the SDK downloads a dex file from a network during operation is detected in a manual mode, the dex file is placed in a "/data/data/package name" or "/data/app/package name" directory or subdirectory of the APK, and whether the downloaded dex file is a hot update package is analyzed. The detection mode has low detection efficiency and low detection accuracy.
In view of the above-described drawbacks and deficiencies of the prior art, a data monitoring method is provided in the present exemplary embodiment. Referring to fig. 1, the data monitoring method described above may include the steps of:
s11, responding to the trigger instruction, activating the monitoring application in the target application environment, so that the monitoring application can read the application catalog of the target to be monitored in real time;
s12, when the application directory of the target to be monitored is monitored to have a newly added file, acquiring attribute information of the newly added file;
s13, when the newly added file is determined to be the newly added file of the target type according to the attribute information of the newly added file, generating prompt information according to the attribute information of the newly added file of the target type, and marking the application to be monitored.
In the data monitoring method provided in this example embodiment, on one hand, the file directory corresponding to the application program to be monitored is monitored in real time, so that when a new file exists in the file directory, the new file can be read and identified in real time, and thus, whether the application to be monitored has a function of hot update can be determined according to the identification result of the new file. And whether the target to be monitored has the hot updating function or not is confirmed by dynamically identifying the newly added file of the target type, so that the identification of the hot updating function and the management of the corresponding application program are facilitated. On the other hand, an independent monitoring program is used for monitoring the application program to be monitored, so that the automatic monitoring and identification of the SDK hot update function can be realized, and the detection efficiency of the hot update function is improved.
Hereinafter, each step of the data monitoring method in the present exemplary embodiment will be described in more detail with reference to the drawings and examples.
In step 11, in response to a trigger instruction, a monitoring application is activated in a target application environment, so that the monitoring application reads an application directory of a target to be monitored in real time.
In this example embodiment, the target application environment may adopt an electronic device of an android system, such as a mobile phone and a tablet computer, which is operated by ROOT. A monitoring application may be pre-installed in the electronic device, and the monitoring application may be configured to monitor the transformation of a specified file or folder, and the authority, modification, and other operations of the file or folder. Or, if in an android electronic device in a non-ROOT environment, the user may configure a system management authority for the monitoring application in advance, so that the monitoring application may identify and monitor the file or the folder.
In addition, in the electronic device, one or more applications to be detected may be installed in advance, for example: web browsing software, chat software, or shopping software, among others. The applications to be detected may be APKs that include a hot-update function, one or more of which are configured as targets to be monitored.
In this example embodiment, referring to the system architecture shown in fig. 2, the system architecture may include a control terminal 202 (e.g., a tablet computer, a portable or desktop computer, a server, etc.), a network 201, and an electronic device 203. The network 201 is used to provide a medium for a communication link between the control terminal 202 and the electronic device. Network 201 may include various connection types, such as wired communication links, wireless communication links, and so forth. It should be understood that the number of control terminals, networks and electronic devices in fig. 2 is merely illustrative. There may be any number of control terminals, networks, and electronic devices, as desired for implementation. For example, multiple electronic devices can be dynamically monitored and detected at the same time.
In the present exemplary embodiment, the user can execute operations such as installing an application, sending a control instruction, receiving feedback data, and configuring a right to the electronic device 203 through the control terminal 202. For example, the user may send a trigger instruction to the electronic device 203 at the control terminal 202, activate and start a monitoring application at the electronic device, and determine an application program of a specific target to be monitored.
Specifically, on the side of the electronic device 203, after the monitoring application is activated, a file monitoring interface may be called, and monitoring instances having the same number as the number of the targets to be monitored are created, so as to monitor each target to be monitored in real time by using each monitoring instance.
For example, the called monitoring interface may adopt a File Observer interface. FileObserver may be used to provide monitoring of files or folders, a File Observer instance monitors a File, and the event types (event types) of the files or folders that can be monitored include one or more of the following, for example:
in this exemplary embodiment, a user may configure an application program to be monitored as an application to be monitored to the monitoring application at the control terminal 202, so that the monitoring application monitors all folders and files of each application to be monitored in real time. Alternatively, a folder with a specified name or a file with a specified type may be configured for the monitoring application; for example, the configuration folders include "/data/data", "/data/app", and "/data/system" directories and their subdirectories. The file type of the configuration monitoring is a dex file.
Or when the application to be monitored is not configured, the file can be configured to be scanned in a full disk manner, or a storage space is designated for scanning, so that when the newly added dex file is monitored, the file and the application program corresponding to the folder in which the file is located can be configured to be the application to be monitored.
In step S12, when it is monitored that the new file exists in the application directory of the target to be monitored, attribute information of the new file is obtained.
In this example embodiment, the newly added file of the target type may be a dex file. When a newly added file appears in a directory of a certain APK, the file name, format, size, storage path and other attribute information of the newly added file can be acquired.
Or when the number of the newly added files is large, the modulus of the files can be acquired, and whether the newly added files are the target type or not can be determined through the modulus. For example, whether the newly added file is a dex file can be determined by detecting whether the modulus of the newly added file is dex.035.
In step S13, when it is determined that the newly added file is the newly added file of the target type according to the attribute information of the newly added file, prompt information is generated according to the attribute information of the newly added file of the target type, and the application to be monitored is marked.
In this exemplary embodiment, after determining that the newly added file is a dex file by using the attribute information of the newly added file, it may be determined that the SDK of the APK corresponding to the dex file includes a hot update function. At this time, the judgment result of the hot update function and parameters such as the dex file storage path can be used for generating prompt information, and the prompt information is fed back to the control terminal or sent to a specified address by means of mails, information and the like. In addition, on the electronic device side, an icon of an application program with a hot update function may be marked in the interactive interface, for example, with a special color to remind the user. Or, a status bar may be generated on the interactive interface, and the corresponding prompt information is described in the status bar.
In addition, in the present exemplary embodiment, for the detected newly added dex file, deletion processing may be performed thereon; alternatively, the newly added dex file is transferred to the sequestered storage area. And avoiding the dex file from being executed and collecting user information.
Based on the above, in order to improve the accuracy of determining the SDK hot update function, after the determination is performed by monitoring the dex file, the monitored dex file can be decompiled, and further determination is performed. For example, it may include:
step S21, performing decompilation on the newly added file to obtain a decompilated file;
step S22, reading the decompiled file, and retrieving the decompiled file by using the target key words;
and step S23, when a retrieval result matched with the target keyword is retrieved, adding the retrieval result to the prompt message.
For example, the newly added dex file can be decompiled and converted into a jar file, the content of the jar file is checked, the content of the jar file is retrieved by using keywords related to hot update, and whether related content exists or not is judged. And when the relevant content exists in the search, adding the corresponding search result to the prompt information.
Alternatively, in other exemplary embodiments of the present disclosure, after monitoring the newly added dex file, the method may further include:
step S31, analyzing the software development kit integrated by the target to be monitored to obtain a corresponding code;
and step S32, reading the code, and generating confirmation prompt information when the code contains the target code.
For example, after the newly added dex file is monitored, the corresponding SDK can be analyzed to obtain the corresponding code, and the pre-configured target code paragraph is used for matching with the code of the SDK. If the matched code exists, the hot updating function of the SDK is further proved to exist. If no matched code exists, the decompilation operation can be executed on the dex file, and whether the current detection result is misjudged or not is judged.
Alternatively, in other exemplary embodiments of the present disclosure, for the dex file, the data structure thereof includes: a file header, an index area and a data area. The index area may include an index of a character string, an index of a type, an index of a method prototype, an index of a domain, and an index of a method. The data area may include: a definition area, a data area and a link data area of the class. After the dex file is obtained, further judgment can be made by extracting the classes contained in the definition area of the classes of the dex file and the state and form of the link.
In some example embodiments of the present disclosure, the data monitoring method may be executed on a smart terminal such as a mobile phone or a tablet computer, for example, running independently on the smart terminal in the form of an application program without the configuration of the control terminal. The intelligent terminal can be a device after the root operation is executed. The monitoring application can monitor the dex file through the called monitoring service or in the form of a monitoring plug-in. The user can configure information such as a target program to be monitored, or monitored storage space, key fields of files and folders and the like in an interactive interface of the intelligent terminal. And displaying the generated prompt information in an interactive interface of the intelligent terminal.
According to the data monitoring method provided by the embodiment of the disclosure, the newly added dex file can be found in real time by monitoring the directory of the specified application program or monitoring the specified storage space. Therefore, whether the SDK integrated with the application to be monitored has a hot updating function or not can be judged. In addition, the determination result can be further confirmed by analyzing the dex file or the SDK. Therefore, the method can realize automatic, dynamic and real-time monitoring of different application programs, accurately judge whether the SDK has a hot updating function or not, and reduce false alarm. The detection efficiency of the hot update function is improved.
It is to be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the method according to an exemplary embodiment of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Further, referring to fig. 3, in the present exemplary embodiment, a data monitoring apparatus 30 is further provided, configured on an electronic device or a server side, and includes: an activation response module 301, a monitoring execution module 302 and a prompt message generation module 303. Wherein,
the activation response module 301 may be configured to activate a monitoring application in a target application environment in response to a trigger instruction, so that the monitoring application reads an application directory of a target to be monitored in real time.
The monitoring execution module 302 may be configured to, when it is monitored that a newly added file exists in the application directory of the target to be monitored, obtain attribute information of the newly added file.
The prompt information generating module 303 may be configured to generate prompt information according to the attribute information of the newly added file of the target type and mark the application to be monitored when the newly added file is determined to be the newly added file of the target type according to the attribute information of the newly added file.
In one example of the present disclosure, the target to be monitored includes a plurality of targets. The activation response module 301 may include: a monitoring instance creation unit (not shown in the figure).
The monitoring instance creating unit may be configured to invoke a file monitoring interface by the monitoring application, and create monitoring instances having the same number as the number of the targets to be monitored, so as to monitor each target to be monitored in real time by using each monitoring instance.
In one example of the present disclosure, the activation response module 301 may include: a monitoring configuration unit, a monitoring instance configuration unit (not shown in the figure).
The monitoring configuration unit may be configured to scan the storage space to obtain an application directory containing the target feature in the storage space, and configure the application directory containing the target feature as the target to be monitored.
The monitoring instance configuration unit may be configured to create a monitoring instance that is the same as the target to be monitored, so as to monitor the application directories of the targets to be monitored respectively.
In one example of the present disclosure, the apparatus may further include: a decompilation processing module (not shown).
The decompiling processing module can be used for decompiling the newly added file to obtain a decompiled file; reading the decompiled file, and retrieving the decompiled file by using a target keyword; and when a retrieval result matched with the target keyword is retrieved, adding the retrieval result to the prompt message.
In one example of the present disclosure, the apparatus may further include: a software development kit parsing module (not shown in the figure).
The software development kit analysis module can be used for analyzing the software development kit integrated with the target to be monitored to obtain a corresponding code; and reading the code, and generating confirmation prompt information when the code contains the target code.
In one example of the present disclosure, the apparatus may further include: a document processing module (not shown in the figure).
The file processing module may be configured to delete the newly added file of the target type; or transferring the newly added file of the target type to an isolated storage area.
In one example of the present disclosure, the apparatus may further include: a rights configuration module (not shown).
The permission configuration module may be configured to configure application directory read permissions for the monitoring application.
The specific details of each module in the data monitoring apparatus have been described in detail in the corresponding data monitoring method, and therefore are not described herein again.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Fig. 4 illustrates a schematic block diagram of a computer system suitable for use with a wireless communication device to implement an embodiment of the present invention.
It should be noted that the computer system 800 of the electronic device shown in fig. 4 is only an example, and should not bring any limitation to the function and the scope of the application of the embodiment of the present invention.
As shown in fig. 4, the computer system 800 includes a Central Processing Unit (CPU)801 that can perform various appropriate actions and processes according to a program stored in a Read-Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data necessary for system operation are also stored. The CPU 801, ROM802, and RAM 803 are connected to each other via a bus 804. An Input/Output (I/O) interface 805 is also connected to bus 804.
The following components are connected to the I/O interface 805: an input portion 806 including a keyboard, a mouse, and the like; an output section 807 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage portion 808 including a hard disk and the like; and a communication section 809 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted on the storage section 808 as necessary.
In particular, according to an embodiment of the present invention, the processes described below with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. When the computer program is executed by the Central Processing Unit (CPU)801, various functions defined in the system of the present application are executed.
It should be noted that the computer readable medium shown in the embodiment of the present invention may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software, or may be implemented by hardware, and the described units may also be disposed in a processor. Wherein the names of the elements do not in some way constitute a limitation on the elements themselves.
As another aspect, the present application also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by an electronic device, cause the electronic device to implement the method as described in the embodiments below. For example, the electronic device may implement the steps shown in fig. 1.
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
It should be noted that, as another aspect, the present application also provides a computer-readable medium, which may be included in the electronic device described in the above embodiment; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by an electronic device, cause the electronic device to implement the method as described in the embodiments below. For example, the electronic device may implement the steps shown in fig. 1.
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is to be limited only by the terms of the appended claims.
Claims (10)
1. A method for monitoring data, comprising:
responding to a trigger instruction, activating a monitoring application in a target application environment, so that the monitoring application reads an application catalog of a target to be monitored in real time;
when monitoring that a newly added file exists in the application directory of the target to be monitored, acquiring attribute information of the newly added file;
and when the newly added file is determined to be the newly added file of the target type according to the attribute information of the newly added file, generating prompt information according to the attribute information of the newly added file of the target type, and marking the application to be monitored.
2. The data monitoring method according to claim 1, wherein the object to be monitored comprises a plurality of objects; the activating the monitoring application in the target application environment to enable the monitoring application to read the application catalog of the target to be monitored in real time includes:
and the monitoring application calls a file monitoring interface and creates monitoring examples with the same number as the targets to be monitored so as to monitor the targets to be monitored in real time by using the monitoring examples.
3. The data monitoring method according to claim 1 or 2, wherein the enabling the monitoring application to read the application directory of the target to be monitored in real time comprises:
scanning a storage space to obtain an application directory containing target characteristics in the storage space, and configuring the application directory containing the target characteristics as a target to be monitored;
and creating a monitoring example which is the same as the target to be monitored so as to monitor the application catalog of each target to be monitored respectively.
4. The data monitoring method according to claim 1, wherein when determining that the newly added file is a target type file according to the attribute information of the newly added file, the method further comprises:
decompiling the newly added file to obtain a decompiled file;
reading the decompiled file, and retrieving the decompiled file by using a target keyword;
and when a retrieval result matched with the target keyword is retrieved, adding the retrieval result to the prompt message.
5. The data monitoring method of claim 1, further comprising:
analyzing the software development kit integrated with the target to be monitored to obtain a corresponding code;
and reading the code, and generating confirmation prompt information when the code contains the target code.
6. The data monitoring method of claim 1 or 5, wherein the method further comprises:
deleting the newly added files of the target type; or
And transferring the newly added file of the target type to an isolated storage area.
7. The monitoring method of claim 1, wherein after the monitoring application is activated in the target application environment, the method further comprises:
and configuring application directory reading permission for the monitoring application.
8. A data monitoring device, comprising:
the activation response module is used for responding to a trigger instruction and activating the monitoring application in a target application environment so that the monitoring application can read an application catalog of a target to be monitored in real time;
the monitoring execution module is used for acquiring the attribute information of the newly added file when the newly added file exists in the application directory of the target to be monitored;
and the prompt information generation module is used for generating prompt information according to the attribute information of the newly added file of the target type and marking the application to be monitored when the newly added file is determined to be the newly added file of the target type according to the attribute information of the newly added file.
9. A computer-readable medium, on which a computer program is stored which, when being executed by a processor, carries out a data monitoring method according to any one of claims 1 to 7.
10. A terminal device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to carry out a data monitoring method as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010296335.8A CN111563015B (en) | 2020-04-15 | 2020-04-15 | Data monitoring method and device, computer readable medium and terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010296335.8A CN111563015B (en) | 2020-04-15 | 2020-04-15 | Data monitoring method and device, computer readable medium and terminal equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111563015A true CN111563015A (en) | 2020-08-21 |
| CN111563015B CN111563015B (en) | 2023-04-21 |
Family
ID=72073112
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010296335.8A Active CN111563015B (en) | 2020-04-15 | 2020-04-15 | Data monitoring method and device, computer readable medium and terminal equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111563015B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112256645A (en) * | 2020-10-20 | 2021-01-22 | 北京字节跳动网络技术有限公司 | Data processing method, device, terminal and storage medium |
| CN112287343A (en) * | 2020-10-16 | 2021-01-29 | 深圳市和讯华谷信息技术有限公司 | SDK monitoring method and device, computer equipment and storage medium |
| CN112559293A (en) * | 2020-12-22 | 2021-03-26 | 上海哔哩哔哩科技有限公司 | Application package monitoring method and device |
| CN113110865A (en) * | 2021-04-21 | 2021-07-13 | 北京字跳网络技术有限公司 | Server hot updating method and device |
| CN114265744A (en) * | 2021-12-20 | 2022-04-01 | 奇安信科技集团股份有限公司 | Monitoring method and device for enterprise digital assets, storage medium and terminal |
| CN117806688A (en) * | 2024-03-01 | 2024-04-02 | 腾讯科技(深圳)有限公司 | Thermal update detection method, thermal update detection device, computer equipment and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104932965A (en) * | 2014-03-18 | 2015-09-23 | 北京奇虎科技有限公司 | Object real-time monitoring method and device |
| WO2016019893A1 (en) * | 2014-08-07 | 2016-02-11 | 北京奇虎科技有限公司 | Application installation method and apparatus |
| CN107145489A (en) * | 2016-03-01 | 2017-09-08 | 阿里巴巴集团控股有限公司 | A kind of information statistical method and device of the client application based on cloud platform |
| CN107291587A (en) * | 2016-04-11 | 2017-10-24 | 北京京东尚科信息技术有限公司 | Computer applied algorithm monitoring method and device |
| CN109284607A (en) * | 2018-09-20 | 2019-01-29 | 沈文策 | A kind of detection method of illegal file, device, equipment and storage medium |
| CN110427757A (en) * | 2019-08-06 | 2019-11-08 | 南方电网科学研究院有限责任公司 | Android vulnerability detection method, system and related device |
| CN110688360A (en) * | 2019-09-17 | 2020-01-14 | 济南浪潮数据技术有限公司 | Distributed file system storage management method, device, equipment and storage medium |
-
2020
- 2020-04-15 CN CN202010296335.8A patent/CN111563015B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104932965A (en) * | 2014-03-18 | 2015-09-23 | 北京奇虎科技有限公司 | Object real-time monitoring method and device |
| WO2016019893A1 (en) * | 2014-08-07 | 2016-02-11 | 北京奇虎科技有限公司 | Application installation method and apparatus |
| CN107145489A (en) * | 2016-03-01 | 2017-09-08 | 阿里巴巴集团控股有限公司 | A kind of information statistical method and device of the client application based on cloud platform |
| CN107291587A (en) * | 2016-04-11 | 2017-10-24 | 北京京东尚科信息技术有限公司 | Computer applied algorithm monitoring method and device |
| CN109284607A (en) * | 2018-09-20 | 2019-01-29 | 沈文策 | A kind of detection method of illegal file, device, equipment and storage medium |
| CN110427757A (en) * | 2019-08-06 | 2019-11-08 | 南方电网科学研究院有限责任公司 | Android vulnerability detection method, system and related device |
| CN110688360A (en) * | 2019-09-17 | 2020-01-14 | 济南浪潮数据技术有限公司 | Distributed file system storage management method, device, equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 曹勇;李军虎;陈晓升;: "基于静态分析的APK安全检测系统的设计与实现" * |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112287343A (en) * | 2020-10-16 | 2021-01-29 | 深圳市和讯华谷信息技术有限公司 | SDK monitoring method and device, computer equipment and storage medium |
| CN112256645A (en) * | 2020-10-20 | 2021-01-22 | 北京字节跳动网络技术有限公司 | Data processing method, device, terminal and storage medium |
| WO2022083594A1 (en) * | 2020-10-20 | 2022-04-28 | 北京字节跳动网络技术有限公司 | Data processing method and device, terminal, and storage medium |
| CN112559293A (en) * | 2020-12-22 | 2021-03-26 | 上海哔哩哔哩科技有限公司 | Application package monitoring method and device |
| CN112559293B (en) * | 2020-12-22 | 2023-03-07 | 上海哔哩哔哩科技有限公司 | Application package monitoring method and device |
| CN113110865A (en) * | 2021-04-21 | 2021-07-13 | 北京字跳网络技术有限公司 | Server hot updating method and device |
| CN114265744A (en) * | 2021-12-20 | 2022-04-01 | 奇安信科技集团股份有限公司 | Monitoring method and device for enterprise digital assets, storage medium and terminal |
| CN117806688A (en) * | 2024-03-01 | 2024-04-02 | 腾讯科技(深圳)有限公司 | Thermal update detection method, thermal update detection device, computer equipment and storage medium |
| CN117806688B (en) * | 2024-03-01 | 2024-05-28 | 腾讯科技(深圳)有限公司 | Thermal update detection method, thermal update detection device, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111563015B (en) | 2023-04-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111563015B (en) | Data monitoring method and device, computer readable medium and terminal equipment | |
| CN108090351B (en) | Method and apparatus for processing request message | |
| CN111563257B (en) | Data detection method and device, computer readable medium and terminal equipment | |
| WO2021243555A1 (en) | Quick application test method and apparatus, device, and storage medium | |
| CN115033894B (en) | Software component supply chain safety detection method and device based on knowledge graph | |
| CN105786805A (en) | Intelligent mobile terminal, document manager and file display method of same | |
| CN110688096A (en) | Method, device, medium and electronic equipment for constructing application program containing plug-in | |
| CN113268245A (en) | Code analysis method, device and storage medium | |
| Fu et al. | Data correlation‐based analysis methods for automatic memory forensic | |
| CN112148545B (en) | Security baseline detection method and security baseline detection system of embedded system | |
| CN111488286B (en) | Method and device for independently developing Android modules | |
| US20110055295A1 (en) | Systems and methods for context aware file searching | |
| CN109683942B (en) | Script management method, script management device, script management medium and electronic equipment | |
| CN110348226A (en) | A kind of scan method of project file, device, electronic equipment and storage medium | |
| CN116595523A (en) | Multi-engine file detection method, system, equipment and medium based on dynamic arrangement | |
| CN112817603B (en) | Application processing method, device, electronic equipment, system and storage medium | |
| KR20180007792A (en) | Apparatus and method for providing data based on cloud service | |
| CN116028917A (en) | Authority detection method and device, storage medium and electronic equipment | |
| KR20190080981A (en) | Information display method, terminal, and server | |
| CN112416875A (en) | Log management method and device, computer equipment and storage medium | |
| CN110851346A (en) | Method, device and equipment for detecting boundary problem of query statement and storage medium | |
| CN112749078A (en) | Buried point testing method and device | |
| CN109933990A (en) | Security breaches discovery method, apparatus and electronic equipment based on multi-mode matching | |
| CN112784272B (en) | Application processing method, device, electronic equipment, system and storage medium | |
| Rafiq et al. | Secure and dynamic model for book searching on cloud computing as mobile augmented reality |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |