CN111651764B - Process monitoring method and device, electronic equipment and storage medium - Google Patents
Process monitoring method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN111651764B CN111651764B CN202010458622.4A CN202010458622A CN111651764B CN 111651764 B CN111651764 B CN 111651764B CN 202010458622 A CN202010458622 A CN 202010458622A CN 111651764 B CN111651764 B CN 111651764B
- Authority
- CN
- China
- Prior art keywords
- audio
- preset code
- data
- equipment
- determining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 197
- 238000012544 monitoring process Methods 0.000 title claims abstract description 21
- 238000001914 filtration Methods 0.000 claims abstract description 30
- 230000004044 response Effects 0.000 claims abstract description 8
- 238000012806 monitoring device Methods 0.000 claims abstract description 6
- 238000004590 computer program Methods 0.000 claims description 6
- 230000006870 function Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 7
- 238000004891 communication Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000007488 abnormal function Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000000725 suspension Substances 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Bioethics (AREA)
- Virology (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a process monitoring method, a process monitoring device, electronic equipment and a storage medium, which are used for solving the problem that audio equipment in the electronic equipment is called. The method comprises the following steps: acquiring a physical address of an audio device in the electronic device; binding a filtering driver between a driver of the audio device and an audio device graphic isolation program according to the physical address; determining whether a process of the target application executes any preset code in a preset code set through the filtering driver, wherein each preset code in the preset code set is used for responding to a data acquisition request of the audio equipment; if the process is executed to one preset code in the preset code set, intercepting the response of the preset code to the data acquisition request of the audio equipment, and suspending the process; and displaying the permission prompt information of the audio equipment. By adopting the embodiment of the invention, the safety of the electronic equipment can be improved.
Description
Technical Field
The present invention relates to the field of system security technologies, and in particular, to a process monitoring method, a device, an electronic device, and a storage medium.
Background
With the development of internet technology, malicious program technologies such as viruses, trojans and the like are layered endlessly, and individual malicious programs are running in the background and turning on audio devices (e.g., microphones, headphones and the like) on electronic devices. The audio data is acquired by the audio device and sent remotely, resulting in compromised user privacy.
Disclosure of Invention
The embodiment of the invention provides a process monitoring method, a process monitoring device, electronic equipment and a storage medium, which are used for solving the technical problem that audio equipment in the electronic equipment is called and improving the safety of the electronic equipment.
In a first aspect, the present invention provides a process monitoring method, including:
acquiring a physical address of an audio device in the electronic device;
binding a filtering driver between the driver of the audio device and the audio device graphic isolation program according to the physical address;
determining whether a process of the target application executes any preset code in a preset code set through the filtering driver, wherein each preset code in the preset code set is used for responding to a data acquisition request of the audio equipment;
if the process is executed to one preset code in the preset code set, intercepting the response of the preset code to the data acquisition request of the audio equipment, and suspending the process;
And displaying the permission prompt information of the audio equipment.
With reference to the first aspect of the embodiment of the present invention, in a first possible implementation manner of the first aspect of the embodiment of the present invention, the preset code set includes a first preset code and a second preset code, where the first preset code is used to obtain audio data of the audio device, and the second preset code is used to obtain an audio data packet of the audio device.
With reference to the first possible implementation manner of the first aspect of the present invention, in a second possible implementation manner of the first aspect of the present invention, if the process is executed to the third preset code, before the displaying the permission prompt information of the audio device, the method further includes:
determining a security value of the audio data corresponding to the data acquisition request, wherein the security value is used for describing the privacy of the audio data and/or the maliciousness of a target application corresponding to the data acquisition request;
and if the safety value is greater than the safety threshold value, executing the step of displaying the permission prompt information of the audio equipment.
With reference to the second possible implementation manner of the first aspect of the present invention, in a third possible implementation manner of the first aspect of the present invention, if the security value is used to describe the privacy of the audio data, the determining the security value of the audio data corresponding to the data acquisition request includes:
Acquiring privacy data in text information of the audio data;
and determining the security value of the audio data according to the privacy data.
With reference to the second possible implementation manner of the first aspect of the present invention, in a third possible implementation manner of the first aspect of the present invention, if the security value is used to describe a malicious property of a target application corresponding to the data acquisition request, the determining the security value of the audio data corresponding to the data acquisition request includes:
acquiring file information of the target application according to the process;
determining a malicious value of the target application according to the file information;
and determining the security value of the audio data according to the malicious value.
With reference to the first aspect of the embodiment of the present invention, the first possible implementation manner of the first aspect, the second possible implementation manner of the first aspect, or the third possible implementation manner of the first aspect, in a fourth possible implementation manner of the first aspect of the embodiment of the present invention, the acquiring a physical address of an audio device in an electronic device includes:
acquiring an equipment identifier of an audio equipment in the electronic equipment;
and determining the physical address of the audio equipment according to the equipment identification.
With reference to the fifth possible implementation manner of the first aspect of the present invention, in a sixth possible implementation manner of the first aspect of the present invention, the acquiring an equipment identifier of an audio device in an electronic device includes:
acquiring target equipment in a plurality of pieces of equipment corresponding to audio equipment in electronic equipment;
and determining the identification of the target device as the device identification of the audio device.
In a second aspect, the present invention provides a process monitoring apparatus, comprising:
the acquisition unit is used for acquiring the physical address of the audio equipment in the electronic equipment;
the binding unit is used for binding the filtering driver between the driver of the audio equipment and the graphic isolation program of the audio equipment according to the physical address;
the monitoring unit is used for determining whether the process of the target application executes any preset code in a preset code set or not through the filtering drive, wherein each preset code in the preset code set is used for responding to a data acquisition request of the audio equipment;
the execution unit is used for intercepting a preset code to respond to a data acquisition request of the audio equipment if the process is executed to one preset code in the preset code set, and suspending the process; and displaying the permission prompt information of the audio equipment.
With reference to the second aspect of the embodiment of the present invention, in a first possible implementation manner of the second aspect of the embodiment of the present invention, the preset code set includes a first preset code and a second preset code, where the first preset code is used to obtain audio data of the audio device, and the second preset code is used to obtain an audio data packet of the audio device.
With reference to the first possible implementation manner of the second aspect of the embodiment of the present invention, in a second possible implementation manner of the second aspect of the embodiment of the present invention, the preset code set further includes a third preset code, where the third preset code is used to obtain audio data through a physical device connected to the audio device; if the process is executed to the third preset code, the acquiring unit is further configured to determine a security value of the audio data corresponding to the data acquiring request, where the security value is used to describe privacy of the audio data and/or maliciousness of a target application corresponding to the data acquiring request; and if the safety value is greater than the safety threshold value, calling the execution unit to execute the step of displaying the permission prompt information of the audio equipment.
With reference to the second possible implementation manner of the second aspect of the embodiment of the present invention, in a third possible implementation manner of the second aspect of the embodiment of the present invention, if the security value is used to describe the privacy of the audio data, the acquiring unit is specifically configured to acquire the privacy data in the text information of the audio data; and determining the security value of the audio data according to the privacy data.
With reference to the second possible implementation manner of the second aspect of the embodiment of the present invention, in a fourth possible implementation manner of the second aspect of the embodiment of the present invention, if the security value is used to describe the maliciousness of the target application corresponding to the data acquisition request, the acquiring unit is specifically configured to acquire file information of the target application according to the process; determining a malicious value of the target application according to the file information; and determining the security value of the audio data according to the malicious value.
With reference to the second aspect of the embodiment of the present invention, the first possible implementation manner of the second aspect, the second possible implementation manner of the second aspect, the third possible implementation manner of the second aspect, or the fourth possible implementation manner of the second aspect, in a fifth possible implementation manner of the second aspect of the embodiment of the present invention, the acquiring unit is specifically configured to acquire an equipment identifier of an audio device in an electronic device; and determining the physical address of the audio equipment according to the equipment identification.
With reference to the fifth possible implementation manner of the second aspect of the embodiment of the present invention, in a sixth possible implementation manner of the second aspect of the embodiment of the present invention, the acquiring unit is specifically configured to acquire a target device in a plurality of devices corresponding to an audio device in an electronic device; and determining the identification of the target device as the device identification of the audio device.
A third aspect of an embodiment of the present invention provides an electronic device, including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to respective circuits or devices of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for executing the process monitoring method provided in the first aspect of the embodiment of the present invention.
A fourth aspect of the embodiment of the present invention provides a non-transitory computer readable storage medium, where the storage medium is configured to store a computer program, where the computer program when executed by a processor implements the process monitoring method provided in the first aspect of the embodiment of the present invention.
By implementing the embodiment of the invention, the physical address of the audio pick-up in the electronic equipment is firstly obtained, and the filtering drive is bound between the drive of the audio pick-up and the image isolation program of the audio equipment according to the physical address, so that the filtering drive can monitor the progress of the audio pick-up. If the filtering driver monitors that the process of the target application is executed to one preset code in the preset code set, intercepting the preset code to respond to the data acquisition request of the audio equipment, and suspending the process. And finally, displaying the permission prompt information of the audio pick-up. Therefore, the user is prompted to choose whether to allow the target application to acquire the audio data through the permission prompt information, the privacy of the user is protected, and the safety of the electronic equipment is improved.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a system according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a process monitoring method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a device manager according to an embodiment of the present invention;
FIG. 4 is a schematic diagram showing a permission prompt provided by an embodiment of the present invention;
FIG. 5 is a flowchart of another process monitoring method according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a process monitoring device according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms first, second, third and the like in the description and in the claims and drawings are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
The electronic device described in the embodiments of the present invention may include a smart phone (such as an Android phone), a tablet computer, a palm computer, a notebook computer, a mobile internet device (MID, mobile Internet Devices), a wearable device, etc., and the electronic device is merely exemplary, but not exhaustive, and includes but is not limited to an electronic device.
The embodiment of the invention provides a process monitoring method, a process monitoring device, electronic equipment and a storage medium, which are used for solving the technical problem that audio equipment in the electronic equipment is called and improving the safety of the electronic equipment.
For a better understanding of aspects of embodiments of the present application, related terms and concepts to which embodiments of the present application may relate are first described below.
(1) Audio apparatus
The audio device is used for collecting audio data in the environment and playing audio data in the electronic device or received by the electronic device. The audio devices include devices integrated on electronic devices such as speakers and microphones, and may also include external devices such as universal serial bus (Universal Serial Bus) audio devices, bluetooth headsets, and high-definition multimedia interfaces (High Definition Multimedia Interface, HDMI), without limitation.
(2) Input/output request packet
Input/output request packages (IRPs) are a system component in the microsoft operating system (Windows) kernel. When an upper application program needs to access an underlying Input/output device, an Input/output (I/O) request is issued, the system converts the request into IRP data, and different IRPs start corresponding dispatch functions in the I/O device driver. For example, a file-related request such as CREATE file (CreateFile)/READ file (ReadFile)/WRITE file (WriteFile) is transferred to IRP type of irp_mj_create/irp_mj_read/irp_mj_write, respectively, and then transferred to a dispatch function of the driver.
(3) Kernel flow type
Kernel Streaming (Ks) presents different functions of a driver to an application in a series of file objects. The application program issues an I/O request to the file object to control the different functions of the drive. Ks objects support Properties (Properties), events (Events), and Methods (Methods). The application program contacts the file object through a series of DEVICE CONTROL methods (irp_mj_device_control) and specifies and describes the drivers in the IRP and the file object in the process.
The audio DEVICE is a core stream DEVICE (file_device_ks), and as with the input/output control method (IOCTL) of all core streams, the IRP sequence read is approximately:
major:IRP_MJ_CREATE filename:...
...
major:IRP_MJ_DEVICE_CONTROL ioctl:IOCTL_KS_PROPERTY request:Connection KSPROPERTY_CONNECTION_STATE set type:
KSSTATE_ACQUIRE
major:IRP_MJ_DEVICE_CONTROL ioctl:IOCTL_KS_PROPERTY request:Connection KSPROPERTY_CONNECTION_STATE set type:
KSSTATE_PAUSE
major:IRP_MJ_DEVICE_CONTROL ioctl:IOCTL_KS_PROPERTY request:Connection KSPROPERTY_CONNECTION_STATE set type:
KSSTATE_RUN
major:IRP_MJ_DEVICE_CONTROL ioctl:IOCTL_KS_READ_STREAM
...
major:IRP_MJ_DEVICE_CONTROL ioctl:KSPROPSETID_RtAudio:
KSPROPERTY_RTAUDIO_GETREADPACKET:
major:IRP_MJ_DEVICE_CONTROL IOCTL_KS_PROPERTY:
KSPROPSETID_RtAudio:
KSPROPERTY_RTAUDIO_GETREADPACKET:
major:IRP_MJ_DEVICE_CONTROL ioctl:KSPROPSETID_RtAudio:
GUID_PROPSETID_Pin:
KSPROPERTY_PIN_PHYSICALCONNECTION:
major:IRP_MJ_DEVICE_CONTROL IOCTL_KS_PROPERTY:
GUID_PROPSETID_Pin:
KSPROPERTY_PIN_PHYSICALCONNECTION:
...
major:IRP_MJ_DEVICE_CONTROL ioctl:IOCTL_KS_PROPERTY request:Connection KSPROPERTY_CONNECTION_STATE set type:
KSSTATE_STOP
major:IRP_MJ_CLEANUP
major:IRP_MJ_CLOSE
the irp_mj_create_file is a method for creating a file name, irp_mj_device_control_control is an input/output CONTROL method of a core STREAM DEVICE, ioctl_ks_read_stream is a method for reading input/output data of the core STREAM DEVICE, ioctl_ks_security request is an input/output data request of the core STREAM DEVICE, connection KSPROPERTY _connection_state set type is a setting method of a CONNECTION STATE of the core STREAM DEVICE, ksstate_acquire_state is a suspension STATE, ksstate_run is an operation STATE, ksstate_stop is an end STATE, ioctl_ks_process is an attribute setting method of the core STREAM DEVICE, guid_process_pin is an acquisition Pin identification method, ksprocess_pin_phase_process is an attribute method for acquiring a DEVICE which is physically connected with a Pin, ksprocess_audio_audio_is an acquisition STATE, ksstate_pause_pause_run is an operation STATE, ksstate_stop_stop is an end STATE, and the input/output method is a real-time CONTROL method of the input/output of the real-time CONTROL.
When an application calls an audio device, a user mode of an upper layer of the system calls a device control method (DeviceIoControl) to pass an input output control method (ioctl_ks_read_stream) of a READ kernel STREAM to obtain audio data. Thus, intercepting execution of the code may prevent the application from acquiring audio data when it is monitored that the process is executing to ioctl_ks_read_stream. When KSPROPERTAUDIO GETREADPACKET is monitored, execution of the code is intercepted, which may prevent the application from capturing real-time audio packets. Therefore, in addition to intercepting the two processes, the process can be paused, and the permission prompt information of the audio device is sent to the user, so that whether the permission of the application program is opened or not can be selected according to the permission prompt information of the user, and the operation of the application program for acquiring data is controlled.
(4) Audio device image isolation program
The audio device image isolation procedure may be audiodg. In Windows operating System, the graphic isolation program of audio device is located in C \Windows\System32\audiodg.exe, and is used to distinguish video data and audio data so as to make the electronic device process audio data separately.
(5) Filter drive
The filtering driver is to add a new layer in the Windows operating system kernel without affecting the upper and lower interfaces, so that the software of the upper layer or the real driver of the lower layer does not need to be modified. The filtering driver is mounted on other drivers, the IRP of the driver is intercepted and filtered, and the function of the driver can be expanded, or the driver such as data encryption can be realized.
When the target driver has a device name, the filter driver and the target driver can be bound through a binding device method (IoAttachDevice) in an application program interface (Application Interface, API). When the device name does not exist in the target drive, binding can be performed according to the pointer of the target drive, for example, through an API such as IoAttachDeviceToStack, ioAttachDeviceToDeviceStackSafe, or the like.
Referring to fig. 1, a filter driver 102 is located between a driver 103 of an audio device and an audio device graphic isolation program 101. Thus, when an application invokes an audio device, the audio device graphics isolation program 101 sends a data acquisition request for the application to invoke the audio device to the filter driver 102. And then the filtered drive 102 sends the data to the drive 103 of the audio device, so that the authority of the audio device is monitored through the filtered drive.
(6) Physical address
In computer science, a physical address, also called real address, binary address, is present in electronic form on an address bus, so that the data bus can access the memory address of a specific memory cell of the main memory. In a virtual memory computer, the term physical address is often used to distinguish between virtual addresses. Particularly in computers that use memory management units (Memory Management Unit, MMU) to translate memory addresses, virtual and physical addresses refer to addresses before and after translation by the MMU, respectively. In computer networks, physical addresses are sometimes synonymous with media access control address (Media Access Control Address, MAC) addresses. The MAC address is used to define the location of the network device in the data link layer, not on the physical layer as its name refers to.
In the embodiment of the present application, the physical address of the audio device is an address on the physical layer. In one possible example, a device identification of an audio device in an electronic device is obtained; and determining the physical address of the audio equipment according to the equipment identification.
Wherein the device identification of the audio device has a uniqueness for distinguishing other devices. The device identification of the audio device may be obtained by the identification of the driving device of each audio device stored in advance in the memory of the electronic device. The acquisition may also be performed through a dedicated sound capture API (e.g., directsound capture energy), may also be performed according to naming rules, etc., and is not limited herein.
In a high-version operating system, for example, a Win10 operating system, the electronic device includes a plurality of devices corresponding to the audio device. Referring to fig. 2, fig. 2 is a schematic diagram of a device manager in a computer. As depicted in fig. 2, the device manager includes a processor, disk drive, computer, monitor, keyboard, ergonomic input device, software device, sound, video and game controller, image device, network adapter, display adapter, audio input and output device. Wherein the sound, video and game controller, the audio input and output devices are associated with the audio device. The audio input and output devices are used to forward audio data to the sound, video and game controllers, what are actually audio device capable sound devices are the sound, video and game controllers. That is, the physical address of the audio device is the address of the device to which the sound, video, and game controller correspond.
The device identification of the sound, video and game controller is guid_devlass_media and the device identification of the audio input and output device is audiondpoint_class_uuid.
Based on this, in one possible example, the acquiring the physical address of the audio device in the electronic device includes: acquiring target equipment in a plurality of pieces of equipment corresponding to the audio equipment; a device identification of the target device is determined as a physical address of the audio device.
Taking fig. 2 as an example, the audio device corresponds to the sound, video and game controller, and the audio input and output devices. The target device is determined to be a sound, video and game controller, and then the physical address of the audio device is determined according to the device identification of the target device, namely GUID_DEVCLASS_MEDIA.
It can be understood that if the electronic device includes a plurality of devices corresponding to the audio device, the sound device that really has the audio device capability in the electronic device is determined and found first, and the physical address of the device is used as the physical address of the audio device, so that the accuracy of monitoring can be improved.
Referring to fig. 3, fig. 3 is a flow chart of a process monitoring method according to an embodiment of the invention. The method is applied to the electronic equipment, as shown in fig. 3, and the method in the embodiment of the invention comprises the following steps:
S301, acquiring a physical address of an audio device in the electronic device.
In an embodiment of the present application, the electronic device may include at least one audio device, and in order to monitor whether each audio device is invoked, a physical address of each audio device needs to be determined. The method for obtaining the physical address of the audio device may refer to the foregoing method for obtaining the physical address according to the device identifier of the audio device, which is not described herein.
S302, binding the filtering driver between the driver of the audio device and the graphic isolation program of the audio device according to the physical address.
As previously described, the filter driver may be bound between the driver of the audio device and the audio device image isolation program by the physical address of the audio device. In this manner, the filter driver may monitor the progress of the audio device.
S303, determining whether the process of the target application executes any preset code in a preset code set or not through the filtering drive.
S304, if the process is executed to one preset code in the preset code set, intercepting the response of the preset code to the data acquisition request of the audio equipment, and suspending the process.
In this embodiment of the present application, each preset code in the preset code set is used to respond to a data acquisition request of the audio device, where the data acquisition request may be triggered by a user clicking a certain function of the target application, may be generated when the target application runs in the background, may also be triggered by another third application through the target application, or the like, and is not limited herein. It should be noted that, if the third application triggers the data acquisition request through the target application, the target application includes itself and the third application.
The set of preset codes may include a first preset code for acquiring audio data of the audio device, which may be ioctl_ks_read_stream. The set of preset codes further comprises a second preset code for obtaining an audio data packet of the audio device, which may be ksPROPERTAUDIO_ GETREADPACKET. The preset code set further includes a third preset code for acquiring audio data through a physical device connected to the audio device, which may be ksPROPERTY_PIN_PHYSICALCONECTION.
It can be appreciated that the filter driver may monitor a process calling the audio device, intercept a preset code in response to a data acquisition request of the audio device, and pause the process when it is determined that a target process of the target application executes one of the preset codes in the preset code set. In this way, the target application may be prevented from acquiring audio data of the audio device.
S305, displaying the permission prompt information of the audio equipment.
In the embodiment of the application, the permission prompt information is used for prompting a user whether to open the permission of the target application to access the audio pickup. If the user selects yes, the permission of the target application to access the audio pick-up is opened, namely the target application collects the audio data through the audio pick-up. Otherwise, the right of the target application to access the audio pickup is closed, i.e. the audio pickup is not allowed to be turned on.
The method for displaying the permission prompt information is not limited, and prompt can be performed through a popup window, as shown in fig. 4, an audio pickup is taken as a microphone commonly used by users for example. The popup window of the permission prompt message comprises a prompt message of 'target application request access microphone' and a selection prompt box. The selection prompt bar includes 4 options of permit, reject, always permit and always reject. The method comprises the steps of allowing and rejecting microphone access rights aimed at a current target application, and always allowing and always rejecting microphone access rights aimed at the target application.
In one possible example, if a rejection instruction for the permission prompt is received, ending the process; or if an allowing instruction aiming at the permission prompt information is received, continuing to execute the process from the preset code.
The refusing instruction is used for refusing the data acquisition request of the response target application. That is, the right to open the target application to acquire the audio data of the audio pickup is denied. The permission instruction is for responding to a data acquisition request of the target application. That is, the target application is allowed to open the right to acquire the audio data of the audio pickup.
It can be understood that after the permission prompt information of the audio pickup is displayed, if a rejection instruction for the permission prompt information is received, the process of executing the target application is ended. If an permission instruction aiming at the permission prompt information is received, continuing to execute the preset code, namely continuing to execute the process of the target application. Therefore, whether the process is executed or not is selected according to the authority of the user, and the accuracy of process processing can be improved.
In the method shown in fig. 3, the physical address of the audio pickup in the electronic device is first acquired, and the filtering driver is bound between the driver of the audio pickup and the image isolation program of the audio device according to the physical address, so that the filtering driver can monitor the progress of the audio pickup. If the filtering driver monitors that the process of the target application is executed to one preset code in the preset code set, intercepting the preset code to respond to the data acquisition request of the audio equipment, and suspending the process. And finally, displaying the permission prompt information of the audio pick-up. Therefore, the user is prompted to choose whether to allow the target application to acquire the audio data through the permission prompt information, the privacy of the user is protected, and the safety of the electronic equipment is improved.
In one possible example, after step S304, the method further includes: determining whether the process is a malicious process; if yes, step S305 is performed.
The method for determining whether the process is a malicious process is not limited, and a blacklist pre-stored in the electronic equipment or a blacklist of a system server can be searched to determine whether the process is in the pre-stored blacklist. If yes, the process is directly determined to be a malicious process.
In a first possible example, the method further comprises: acquiring a file path of the target application according to the process; acquiring file information of the target application according to the file path; and determining whether the process is a malicious process according to the file information.
The file information includes basic information such as a name, version number, developer signature and the like of the target application, related files (for example, installation package files, cache files, download files and the like) of the target application, and attribute information such as functions, services and the like of the target application. It is understood that the basic information may identify whether it is a product of a regular company, and the attribute information may identify the purpose of calling the audio device. Thus, it may be determined whether the process is a malicious process based on the file information. And the file information is acquired by the file path of the target application acquired by the process, so that the accuracy of determining the process type can be improved.
The method for determining whether the process is a malicious process or not according to the file information is not limited, and in a possible example, the file information is identified according to a preset rule to obtain the characteristic information of the target application; and determining whether the process is a malicious process or not according to the characteristic information.
The preset rule may be an evaluation criterion of each dimension, which is not limited herein. The feature information may include naming rules for the name of the target application, communication rules for the individual files in the target application, functional uses of the target application, and so on.
Optionally, determining a malicious value corresponding to the file information according to the characteristic information; and when the malicious value is larger than a preset threshold value, determining that the process is a malicious process.
That is, a malicious value of the process is calculated from the characteristic information of the file information. If the malicious value is larger than the preset threshold value, determining the process as a malicious process. The accuracy of determining the process type can be improved by judging the malicious value.
Further, if it is determined that the target application includes a malicious plug-in according to the feature information, the process is determined to be a malicious process.
The method for determining the malicious plugin by the feature information is not limited, and the malicious plugin can be determined by inquiring through a blacklist or searching the name of the confusion character string inserted in normal naming and the like. Since the malicious plug-in transmits data to the third party application, it may be determined whether the malicious plug-in is included based on the data communication of the file. In addition, the malicious plug-in additionally adds a function on the basis of the normal function, and thus, it can be determined whether the malicious plug-in is included according to the abnormal function.
In this embodiment, if it is determined that the target application includes a malicious plug-in according to the feature information, the process is determined to be a malicious process. Thus, the malicious plug-in is used for directly determining the malicious process, and the accuracy of determining the malicious process can be improved.
In a second possible example, the method further comprises: determining the number of times that the target application refuses to open the right of the audio equipment; and if the number of times is greater than or equal to a number of times threshold, determining that the process is a malicious process.
The number of times may be the number of times of continuously refusing the right to open the audio device, the number of times of refusing the right to open the audio device in a period of time (for example, one week, one month, etc.), or the number of times of refusing the right to open the audio device in total in a history period, which is not limited herein. The frequency threshold is not limited either, and may be preset or dynamically set, for example, the frequency threshold is 60% of all reject frequencies in the electronic device.
It will be appreciated that the number of times the target application refuses to open the right to the audio device is determined. And when the times are greater than or equal to the times threshold, determining that the process corresponding to the target application is a malicious process. The accuracy of determining the malicious process can be improved by counting the rejection times to determine the malicious process.
Referring to fig. 5, fig. 5 is a flowchart of another process monitoring method according to an embodiment of the invention. The method is applied to the electronic equipment, as shown in fig. 5, and the method in the embodiment of the invention comprises the following steps:
s501, acquiring a physical address of an audio pickup in the electronic equipment.
S502, binding the filtering driver between the driver of the audio pick-up and the audio equipment graphic isolation program according to the physical address.
S503, determining whether the process of the target application executes any preset code in a preset code set or not through the filtering drive.
Steps S501 to S503 may refer to the descriptions of steps S301 to S303, and are not limited herein.
S504, if the process is executed to a third preset code in the preset code set, intercepting the third preset code to respond to the data acquisition request of the audio equipment, and suspending the process.
S505, determining a security value of the audio data corresponding to the data acquisition request.
In this embodiment, the third preset code is used to obtain audio data through a physical device connected to the audio device. And through functions for implementing the audio device when the audio device is connected to other physical devices. If the interception is direct, there may be a false interception. Therefore, after intercepting the third preset code and suspending the process, the security value of the audio data corresponding to the data acquisition request is determined. If the safety value is larger than the safety threshold value, displaying the permission prompt information of the audio equipment, and improving the prompt accuracy.
In this embodiment of the present application, the audio data corresponding to the data acquisition request may be determined according to a path corresponding to the operation of the target application calling process, and may be input audio data or output audio data, which is not limited herein. The input audio data is related to the privacy of the user, and the output audio data may be audio data recorded by the user, or may be downloadable audio data, etc., which is not limited herein. The audio data recorded by the user has privacy, and downloadable audio data may reveal habit of the user.
In the embodiment of the application, the security value is used for describing the privacy of the audio data, that is, the proportion of the target application to obtain the privacy data contained in the audio data can be determined through the security value. In one possible example, step S505 includes: acquiring privacy data in text information of the audio data; and determining the security value of the audio data according to the privacy data.
The text information can be acquired through voice recognition, and the text information reflects the content of the audio data. The privacy data may include, but is not limited to, an amount, a password, an account number, preferences, and the like. The method and the device can determine the privacy data according to the type of the privacy data and the text content of the privacy data, and can understand that the security value of the audio data is determined according to the privacy data, so that the accuracy of determining the privacy of the audio data can be improved.
In another possible example, the method further comprises: if the audio data is determined to be of an input type, determining that the safety value of the audio data is smaller than a safety threshold value, and ending the process; if the audio data is determined to be of an output type, acquiring privacy data in text information of the audio data; and determining the security value of the audio data according to the privacy data.
It will be appreciated that when the audio data is determined to be of the input type, it is directly determined that the security value of the audio data is less than the security threshold value, and the process is ended. And when the audio data is determined to be of the input type, acquiring the privacy data in the audio data, and determining the security value of the privacy data. Therefore, the accuracy of determining the safety value can be further improved by respectively discussing the input type and the output type of the audio data.
In yet another possible example, the method further comprises: acquiring a file identifier of the audio data; acquiring a first security value corresponding to the file identifier and acquiring a second security value corresponding to the privacy data; and determining the security value of the audio data according to the first security value and the second security value.
The file identifier may be a name, a copyright, or the like. It can be understood that the file identifier represents the source of the audio data, the privacy data represents the content of the audio data, and the security value of the audio data is determined by integrating the file identifier and the privacy data, so that the accuracy of determining the security value can be further improved.
In the embodiment of the present application, the security value is further used to describe the maliciousness of the target application corresponding to the data acquisition request, that is, whether the behavior of the target application for acquiring the audio data is malicious or not can be determined through the security value. In one possible example, step S505 includes: acquiring file information of the target application according to the process; determining a malicious value of the target application according to the file information; and determining the security value of the audio data according to the malicious value.
The file information may include basic information such as a name, version number, and developer signature of the target application, related files (e.g., installation package file, cache file, download file, etc.) of the target application, and attribute information such as functions and services of the target application, as described above.
It is understood that the basic information may identify whether it is a product of a regular company, and the attribute information may identify the purpose of calling the audio device, thereby determining whether the behavior of the target application to acquire the audio data is abnormal. Therefore, the malicious value of the target application is determined according to the file information, and then the security value of the audio data is determined according to the malicious value, so that the accuracy of determining the security value can be improved.
It should be noted that, when the first preset code or the second preset code is monitored, the security value of the corresponding audio data may be determined first, so as to improve the accuracy of the prompt.
And S506, if the safety value is larger than the safety threshold value, displaying the permission prompt information of the audio equipment.
The security threshold is not limited, and may be preset, or may be set according to the type of the target application, for example, the security threshold of the privacy application is larger than the security threshold of the non-privacy application.
In the method shown in fig. 5, a physical address of an audio device in an electronic device is first obtained, and a filtering driver is bound between the driver of the audio device and an image isolation program of the audio device according to the physical address, so that the filtering driver can monitor the progress of the audio device. If the filtering driver monitors that the process of the target application executes a third preset code in the preset code set, intercepting the third preset code to respond to the data acquisition request of the audio equipment, and suspending the process. And then determining the safety value of the audio data corresponding to the data acquisition request, so that false blocking can be avoided. And if the safety value is greater than the safety threshold value, displaying the permission prompt information of the audio equipment. Therefore, the user is prompted to choose whether to allow the target application to acquire the audio data through the permission prompt information, the privacy of the user is protected, and the safety of the electronic equipment is further improved.
Referring to fig. 6, fig. 6 is a block diagram of a process monitoring device according to an embodiment of the present invention. As shown in fig. 6, the apparatus 600 may include:
an obtaining unit 601, configured to obtain a physical address of an audio device in the electronic device;
a binding unit 602, configured to bind a filter driver between a driver of the audio device and an audio device graphics isolation program according to the physical address;
a monitoring unit 603, configured to determine, through the filtering driver, whether a process of the target application executes any preset code in a preset code set, where each preset code in the preset code set is used to respond to a data acquisition request of the audio device;
an execution unit 604, configured to intercept the preset code in response to a data acquisition request of the audio device if the process executes to one of the preset code sets, and pause the process; and displaying the permission prompt information of the audio equipment.
As an optional embodiment, the preset code set includes a first preset code and a second preset code, where the first preset code is used to obtain audio data of the audio device, and the second preset code is used to obtain an audio data packet of the audio device.
As an optional embodiment, the preset code set further includes a third preset code, where the third preset code is used to obtain audio data through a physical device connected to the audio device; if the process is executed to the third preset code, the obtaining unit 601 is further configured to determine a security value of audio data corresponding to the data obtaining request, where the security value is used to describe privacy of the audio data and/or maliciousness of a target application corresponding to the data obtaining request; and if the safety value is greater than the safety threshold value, calling the execution unit to execute the step of displaying the permission prompt information of the audio equipment.
As an optional embodiment, if the security value is used to describe the privacy of the audio data, the obtaining unit 601 is specifically configured to obtain the privacy data in the text information of the audio data; and determining the security value of the audio data according to the privacy data.
As an optional embodiment, if the security value is used to describe the maliciousness of the target application corresponding to the data acquisition request, the acquiring unit 601 is specifically configured to acquire file information of the target application according to the process; determining a malicious value of the target application according to the file information; and determining the security value of the audio data according to the malicious value.
As an optional embodiment, the obtaining unit 601 is specifically configured to obtain an equipment identifier of an audio device in the electronic device; and determining the physical address of the audio equipment according to the equipment identification.
As an optional embodiment, the obtaining unit 601 is specifically configured to obtain a target device from a plurality of devices corresponding to an audio device in an electronic device; and determining the identification of the target device as the device identification of the audio device.
In the apparatus depicted in fig. 6, the physical address of the audio pickup in the electronic device is first acquired, and the filter driver is bound between the driver of the audio pickup and the image isolation program of the audio device based on the physical address, so that the filter driver can monitor the progress of the audio pickup. If the filtering driver monitors that the process of the target application is executed to one preset code in the preset code set, intercepting the preset code to respond to the data acquisition request of the audio equipment, and suspending the process. And finally, displaying the permission prompt information of the audio pick-up. Therefore, the user is prompted to choose whether to allow the target application to acquire the audio data through the permission prompt information, the privacy of the user is protected, and the safety of the electronic equipment is improved.
Referring to fig. 7, fig. 7 is an electronic device according to an embodiment of the invention. The process monitoring method is suitable for electronic equipment such as mobile phones and tablet computers. As shown in fig. 7, the electronic device may include a housing 710, a processor 720, a memory 730, a circuit board 740, and a power circuit 750, wherein the circuit board 740 is disposed inside a space enclosed by the housing, and the processor 720 and the memory 730 are disposed on the circuit board 740; a power supply circuit 750 for supplying power to the respective circuits or devices of the electronic apparatus; memory 730 is used to store executable program code; the processor 720 runs a program corresponding to the executable program code by reading the executable program code stored in the memory 730 for performing the steps of:
acquiring a physical address of an audio device in the electronic device;
binding a filtering driver between the driver of the audio device and the audio device graphic isolation program according to the physical address;
determining whether a process of the target application executes any preset code in a preset code set through the filtering driver, wherein each preset code in the preset code set is used for responding to a data acquisition request of the audio equipment;
If the process is executed to one preset code in the preset code set, intercepting the response of the preset code to the data acquisition request of the audio equipment, and suspending the process;
and displaying the permission prompt information of the audio equipment.
As an optional embodiment, the preset code set includes a first preset code and a second preset code, where the first preset code is used to obtain audio data of the audio device, and the second preset code is used to obtain an audio data packet of the audio device.
As an alternative embodiment, if the process executes to the third preset code, before the displaying the permission prompt of the audio device, the processor 720 is further configured to perform the following steps:
determining a security value of the audio data corresponding to the data acquisition request, wherein the security value is used for describing the privacy of the audio data and/or the maliciousness of a target application corresponding to the data acquisition request;
and if the safety value is greater than the safety threshold value, executing the step of displaying the permission prompt information of the audio equipment.
As an alternative embodiment, if the security value is used to describe the privacy of the audio data, the processor 720 is specifically configured to perform the following steps in determining the security value of the audio data corresponding to the data acquisition request:
Acquiring privacy data in text information of the audio data;
and determining the security value of the audio data according to the privacy data.
As an optional embodiment, if the security value is used to describe the maliciousness of the target application corresponding to the data acquisition request, the processor 720 is specifically configured to, in the aspect of determining the security value of the audio data corresponding to the data acquisition request, perform the following steps:
acquiring file information of the target application according to the process;
determining a malicious value of the target application according to the file information;
and determining the security value of the audio data according to the malicious value.
As an alternative embodiment, in terms of acquiring the physical address of the audio device in the electronic device, the processor 720 is specifically configured to perform the following steps:
acquiring an equipment identifier of an audio equipment in the electronic equipment;
and determining the physical address of the audio equipment according to the equipment identification.
As an alternative embodiment, in the aspect of acquiring the device identifier of the audio device in the electronic device, the processor 720 is specifically configured to perform the following steps:
acquiring target equipment in a plurality of pieces of equipment corresponding to audio equipment in electronic equipment;
And determining the identification of the target device as the device identification of the audio device.
In the electronic device depicted in fig. 7, the physical address of the audio pickup in the electronic device is first obtained, and the filter driver is bound between the driver of the audio pickup and the image isolation program of the audio device according to the physical address, so that the filter driver can monitor the progress of the audio pickup. If the filtering driver monitors that the process of the target application is executed to one preset code in the preset code set, intercepting the preset code to respond to the data acquisition request of the audio equipment, and suspending the process. And finally, displaying the permission prompt information of the audio pick-up. Therefore, the user is prompted to choose whether to allow the target application to acquire the audio data through the permission prompt information, the privacy of the user is protected, and the safety of the electronic equipment is improved.
In one embodiment, a non-transitory computer readable storage medium is provided having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the foregoing process monitoring method.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in part or all or part of the technical solution contributing to the prior art or in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (processor) to perform all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes or substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (16)
1. A process monitoring method, comprising:
acquiring a physical address of an audio device in an electronic device, wherein the audio device is a sound device with audio device capability, the sound device comprises a sound, a video and a game controller, the sound device does not comprise an audio input and output device, and the audio input and output device is used for forwarding audio data to the sound, the video and the game controller;
binding a filtering driver between the driver of the audio device and the audio device graphic isolation program according to the physical address;
determining whether a process of the target application executes any preset code in a preset code set through the filtering driver, wherein each preset code in the preset code set is used for responding to a data acquisition request of the audio equipment;
If the process is executed to one preset code in the preset code set, intercepting the response of the preset code to the data acquisition request of the audio equipment, and suspending the process;
and displaying the permission prompt information of the audio equipment.
2. The method of claim 1, wherein the set of preset codes includes a first preset code and a second preset code, wherein the first preset code is used to obtain audio data and the second preset code is used to obtain audio data packets.
3. The method of claim 2, wherein the set of preset codes further comprises a third preset code, wherein the third preset code is used to obtain audio data through a physical device connected to the audio device;
if the process is executed to the third preset code, before the permission prompt information of the audio device is displayed, the method further includes:
determining a security value of the audio data corresponding to the data acquisition request, wherein the security value is used for describing the privacy of the audio data and/or the maliciousness of a target application corresponding to the data acquisition request;
And if the safety value is greater than the safety threshold value, executing the step of displaying the permission prompt information of the audio equipment.
4. A method according to claim 3, wherein if the security value is used to describe the privacy of the audio data, the determining the security value of the audio data corresponding to the data acquisition request comprises:
acquiring privacy data in text information of the audio data;
and determining the security value of the audio data according to the privacy data.
5. A method according to claim 3, wherein if the security value is used to describe the malicious nature of the target application to which the data acquisition request corresponds, the determining the security value of the audio data to which the data acquisition request corresponds comprises:
acquiring file information of the target application according to the process;
determining a malicious value of the target application according to the file information;
and determining the security value of the audio data according to the malicious value.
6. The method according to any one of claims 1-5, wherein the obtaining the physical address of the audio device in the electronic device comprises:
acquiring an equipment identifier of an audio equipment in the electronic equipment;
And determining the physical address of the audio equipment according to the equipment identification.
7. The method of claim 6, wherein the obtaining the device identification of the audio device in the electronic device comprises:
acquiring target equipment in a plurality of pieces of equipment corresponding to audio equipment in electronic equipment;
and determining the identification of the target device as the device identification of the audio device.
8. A process monitoring device, comprising:
an obtaining unit, configured to obtain a physical address of an audio device in an electronic device, where the audio device is a sound device with audio device capability, the sound device includes a sound, a video, and a game controller, the sound device does not include an audio input and output device, and the audio input and output device is configured to forward audio data to the sound, video, and game controller;
the binding unit is used for binding the filtering driver between the driver of the audio equipment and the graphic isolation program of the audio equipment according to the physical address;
the monitoring unit is used for determining whether the process of the target application executes any preset code in a preset code set or not through the filtering drive, wherein each preset code in the preset code set is used for responding to a data acquisition request of the audio equipment;
The execution unit is used for intercepting a preset code to respond to a data acquisition request of the audio equipment if the process is executed to one preset code in the preset code set, and suspending the process; and displaying the permission prompt information of the audio equipment.
9. The apparatus of claim 8, wherein the set of preset codes comprises a first preset code for acquiring audio data of the audio device and a second preset code for acquiring audio data packets of the audio device.
10. The apparatus of claim 8, wherein the set of preset codes further comprises a third preset code, wherein the third preset code is configured to obtain audio data through a physical device connected to the audio device; if the process is executed to the third preset code, the acquiring unit is further configured to determine a security value of the audio data corresponding to the data acquiring request, where the security value is used to describe privacy of the audio data and/or maliciousness of a target application corresponding to the data acquiring request; and if the safety value is greater than the safety threshold value, calling the execution unit to execute the step of displaying the permission prompt information of the audio equipment.
11. The apparatus according to claim 10, wherein if the security value is used to describe the privacy of the audio data, the obtaining unit is specifically configured to obtain the privacy data in the text information of the audio data; and determining the security value of the audio data according to the privacy data.
12. The apparatus according to claim 10, wherein if the security value is used to describe a malicious property of a target application corresponding to the data acquisition request, the acquiring unit is specifically configured to acquire file information of the target application according to the process; determining a malicious value of the target application according to the file information; and determining the security value of the audio data according to the malicious value.
13. The apparatus according to any one of claims 8-12, wherein the obtaining unit is configured to obtain a device identifier of an audio device in the electronic device; and determining the physical address of the audio equipment according to the equipment identification.
14. The apparatus of claim 13, wherein the obtaining unit is specifically configured to obtain a target device from a plurality of devices corresponding to an audio device in the electronic device; and determining the identification of the target device as the device identification of the audio device.
15. An electronic device, comprising: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space surrounded by the shell, and the processor and the memory are arranged on the circuit board; the power supply circuit is used for supplying power to each circuit or device of the electronic equipment; the memory is used for storing executable program codes; the processor runs a program corresponding to executable program code stored in the memory by reading the executable program code for performing the method according to any one of claims 1-7.
16. A non-transitory computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010458622.4A CN111651764B (en) | 2020-05-26 | 2020-05-26 | Process monitoring method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010458622.4A CN111651764B (en) | 2020-05-26 | 2020-05-26 | Process monitoring method and device, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111651764A CN111651764A (en) | 2020-09-11 |
CN111651764B true CN111651764B (en) | 2023-12-26 |
Family
ID=72346922
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010458622.4A Active CN111651764B (en) | 2020-05-26 | 2020-05-26 | Process monitoring method and device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111651764B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113254917B (en) * | 2021-06-01 | 2021-10-15 | 武汉深之度科技有限公司 | Recording permission management method, computing device and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102202062A (en) * | 2011-06-03 | 2011-09-28 | 苏州九州安华信息安全技术有限公司 | Method and apparatus for realizing access control |
CN107305609A (en) * | 2016-04-25 | 2017-10-31 | 卡巴斯基实验室股份制公司 | For preventing the system and method to the unauthorized access of voice data |
CN108549798A (en) * | 2018-04-12 | 2018-09-18 | 珠海市魅族科技有限公司 | Terminal equipment control method and device, terminal device and computer readable storage medium |
CN109697359A (en) * | 2018-12-19 | 2019-04-30 | 惠州Tcl移动通信有限公司 | A kind of message prompt method, device, storage medium and electronic equipment |
CN110334529A (en) * | 2019-06-24 | 2019-10-15 | 歌尔科技有限公司 | Data processing method, device, equipment, system and audio frequency apparatus |
CN110598410A (en) * | 2019-09-16 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Malicious process determination method and device, electronic device and storage medium |
-
2020
- 2020-05-26 CN CN202010458622.4A patent/CN111651764B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102202062A (en) * | 2011-06-03 | 2011-09-28 | 苏州九州安华信息安全技术有限公司 | Method and apparatus for realizing access control |
CN107305609A (en) * | 2016-04-25 | 2017-10-31 | 卡巴斯基实验室股份制公司 | For preventing the system and method to the unauthorized access of voice data |
CN108549798A (en) * | 2018-04-12 | 2018-09-18 | 珠海市魅族科技有限公司 | Terminal equipment control method and device, terminal device and computer readable storage medium |
CN109697359A (en) * | 2018-12-19 | 2019-04-30 | 惠州Tcl移动通信有限公司 | A kind of message prompt method, device, storage medium and electronic equipment |
CN110334529A (en) * | 2019-06-24 | 2019-10-15 | 歌尔科技有限公司 | Data processing method, device, equipment, system and audio frequency apparatus |
CN110598410A (en) * | 2019-09-16 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Malicious process determination method and device, electronic device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN111651764A (en) | 2020-09-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2766846B1 (en) | System and method for profile based filtering of outgoing information in a mobile environment | |
KR101737726B1 (en) | Rootkit detection by using hardware resources to detect inconsistencies in network traffic | |
KR101483839B1 (en) | Protecting video content using virtualization | |
Michéle et al. | Watch and be watched: Compromising all smart tv generations | |
Petracca et al. | {AWare}: Preventing Abuse of {Privacy-Sensitive} Sensors via Operation Bindings | |
CN108932428B (en) | Lesog software processing method, device, equipment and readable storage medium | |
KR101839647B1 (en) | Per process networking capabilities | |
US11290469B2 (en) | Methods and apparatus to detect and prevent host firewall bypass threats through a data link layer | |
US9942268B1 (en) | Systems and methods for thwarting unauthorized attempts to disable security managers within runtime environments | |
CN109783316B (en) | Method and device for identifying tampering behavior of system security log, storage medium and computer equipment | |
Lei et al. | A threat to mobile cyber-physical systems: Sensor-based privacy theft attacks on android smartphones | |
CN105868625B (en) | Method and device for intercepting restart deletion of file | |
CN111651763B (en) | Process monitoring method and device, electronic equipment and storage medium | |
CN109918909A (en) | User's smart machine and its privacy of user guard method based on operation exception | |
CN106682493B (en) | A kind of method, apparatus for preventing process from maliciously being terminated and electronic equipment | |
CN111651764B (en) | Process monitoring method and device, electronic equipment and storage medium | |
CN106127034B (en) | A kind of method, apparatus that anti-locking system is maliciously closed and electronic equipment | |
CN111639339B (en) | Process monitoring method and device, electronic equipment and storage medium | |
CN103530550B (en) | File/applied program processing method on communication terminal and device | |
CN105791221B (en) | Rule issuing method and device | |
Michele et al. | Using malicious media files to compromise the security and privacy of smart TVs | |
Farley et al. | Roving bugnet: Distributed surveillance threat and mitigation | |
US20080104704A1 (en) | Security for physically unsecured software elements | |
CN106127051A (en) | Method and device for preventing mouse from being maliciously captured and electronic equipment | |
CN114285622B (en) | Active trapping security defense method, system, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |