CN111797391A - High-risk process processing method and device, storage medium and electronic equipment - Google Patents
High-risk process processing method and device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN111797391A CN111797391A CN201910282167.4A CN201910282167A CN111797391A CN 111797391 A CN111797391 A CN 111797391A CN 201910282167 A CN201910282167 A CN 201910282167A CN 111797391 A CN111797391 A CN 111797391A
- Authority
- CN
- China
- Prior art keywords
- risk level
- preset
- behavior information
- risk
- processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Abstract
The application discloses a high risk process processing method, which comprises the following steps: the method comprises the steps of obtaining behavior information of the electronic equipment currently operated by a user, searching whether preset behavior information identical to the behavior information exists in a preset behavior set, obtaining a process operated by the electronic equipment if the preset behavior information exists, determining a risk level of the process according to a preset algorithm model, and processing the process according to the risk level. The application also provides a processing device, a storage medium and an electronic device of the high-risk process.
Description
Technical Field
The present application belongs to the technical field of electronic devices, and in particular, to a method and an apparatus for processing a high risk process, a storage medium, and an electronic device.
Background
With the development of electronic technology, electronic devices such as smart phones have become more and more intelligent. The electronic device may perform data processing through various algorithmic models to provide various functions to the user. For example, the electronic device may learn behavior characteristics of the user according to the algorithm model, thereby providing personalized services to the user.
Disclosure of Invention
The application provides a high-risk process processing method and device, a storage medium and electronic equipment, which can improve the safety of the electronic equipment.
In a first aspect, an embodiment of the present application provides a method for processing a high-risk process, including:
acquiring behavior information of the electronic equipment currently operated by a user;
searching whether preset behavior information identical to the behavior information exists in a preset behavior set;
if the process exists, acquiring the currently running process of the electronic equipment, and determining the risk level of the process according to a preset algorithm model;
and processing the process according to the risk level.
In a second aspect, an embodiment of the present application provides a processing apparatus for a high-risk process, including: the device comprises a first acquisition module, a search module, a determination module and a processing module;
the first acquisition module is used for acquiring the behavior information of the electronic equipment currently operated by the user;
the searching module is used for searching whether preset behavior information identical to the behavior information exists in a preset behavior set;
the determining module is used for acquiring the currently running process of the electronic equipment when the process exists, and determining the risk level of the process according to a preset algorithm model;
and the processing module is used for processing the process according to the risk level.
In a third aspect, an embodiment of the present application provides a storage medium, on which a computer program is stored, and when the computer program runs on a computer, the computer program causes the computer to execute the processing method of the high-risk process.
In a fourth aspect, an embodiment of the present application provides an electronic device, including a processor and a memory, where the memory stores a plurality of instructions, and the processor loads the instructions in the memory to perform the following steps:
acquiring behavior information of the electronic equipment currently operated by a user;
searching whether preset behavior information identical to the behavior information exists in a preset behavior set;
if the process exists, acquiring the currently running process of the electronic equipment, and determining the risk level of the process according to a preset algorithm model;
and processing the process according to the risk level.
The method for processing the high-risk process can acquire the behavior information of the electronic equipment currently operated by the user, search whether the preset behavior information identical to the behavior information exists in the preset behavior set, acquire the currently running process of the electronic equipment if the preset behavior information exists, determine the risk level of the process according to the preset algorithm model, and process the process according to the risk level. According to the method and the device, when the user behavior is sensitive, the risk level of the process running in the electronic equipment can be detected, and the process with the higher risk level is closed, so that the safety of the electronic equipment is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is an application scenario diagram of a processing method for a high-risk process according to an embodiment of the present application.
Fig. 2 is a schematic flowchart of a processing method of a high-risk process according to an embodiment of the present application.
Fig. 3 is another schematic flow chart of a processing method of a high risk process according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of a high-risk process processing apparatus according to an embodiment of the present disclosure.
Fig. 5 is another schematic structural diagram of a processing apparatus for high risk process according to an embodiment of the present disclosure.
Fig. 6 is a schematic structural diagram of a processing apparatus for high risk processes according to an embodiment of the present disclosure.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Fig. 8 is another schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Referring to the drawings, wherein like reference numbers refer to like elements, the principles of the present application are illustrated as being implemented in a suitable computing environment. The following description is based on illustrated embodiments of the application and should not be taken as limiting the application with respect to other embodiments that are not detailed herein.
In the description that follows, specific embodiments of the present application will be described with reference to steps and symbols executed by one or more computers, unless otherwise indicated. Accordingly, these steps and operations will be referred to, several times, as being performed by a computer, the computer performing operations involving a processing unit of the computer in electronic signals representing data in a structured form. This operation transforms the data or maintains it at locations in the computer's memory system, which may be reconfigured or otherwise altered in a manner well known to those skilled in the art. The data maintains a data structure that is a physical location of the memory that has particular characteristics defined by the data format. However, while the principles of the application have been described in language specific to above, it is not intended to be limited to the specific form set forth herein, and it will be recognized by those of ordinary skill in the art that various of the steps and operations described below may be implemented in hardware.
The terms "first", "second", and "third", etc. in this application are used to distinguish between different objects and not to describe a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or modules is not limited to only those steps or modules listed, but rather, some embodiments may include other steps or modules not listed or inherent to such process, method, article, or apparatus.
Referring to fig. 1, fig. 1 is a schematic view of an application scenario of a processing method for a high-risk process according to an embodiment of the present application. The processing method of the high-risk process is applied to the electronic equipment. A panoramic perception framework is arranged in the electronic equipment. The panorama sensing architecture is an integration of hardware and software for implementing the processing method of the high-risk process in the electronic device.
The panoramic perception architecture comprises an information perception layer, a data processing layer, a feature extraction layer, a scene modeling layer and an intelligent service layer.
The information perception layer is used for acquiring information of the electronic equipment or information in an external environment. The information-perceiving layer may include a plurality of sensors. For example, the information sensing layer includes a plurality of sensors such as a distance sensor, a magnetic field sensor, a light sensor, an acceleration sensor, a fingerprint sensor, a hall sensor, a position sensor, a gyroscope, an inertial sensor, an attitude sensor, a barometer, and a heart rate sensor.
Among other things, a distance sensor may be used to detect a distance between the electronic device and an external object. The magnetic field sensor may be used to detect magnetic field information of the environment in which the electronic device is located. The light sensor can be used for detecting light information of the environment where the electronic equipment is located. The acceleration sensor may be used to detect acceleration data of the electronic device. The fingerprint sensor may be used to collect fingerprint information of a user. The Hall sensor is a magnetic field sensor manufactured according to the Hall effect, and can be used for realizing automatic control of electronic equipment. The location sensor may be used to detect the geographic location where the electronic device is currently located. Gyroscopes may be used to detect angular velocity of an electronic device in various directions. Inertial sensors may be used to detect motion data of an electronic device. The gesture sensor may be used to sense gesture information of the electronic device. A barometer may be used to detect the barometric pressure of the environment in which the electronic device is located. The heart rate sensor may be used to detect heart rate information of the user.
And the data processing layer is used for processing the data acquired by the information perception layer. For example, the data processing layer may perform data cleaning, data integration, data transformation, data reduction, and the like on the data acquired by the information sensing layer.
The data cleaning refers to cleaning a large amount of data acquired by the information sensing layer to remove invalid data and repeated data. The data integration refers to integrating a plurality of single-dimensional data acquired by the information perception layer into a higher or more abstract dimension so as to comprehensively process the data of the plurality of single dimensions. The data transformation refers to performing data type conversion or format conversion on the data acquired by the information sensing layer so that the transformed data can meet the processing requirement. The data reduction means that the data volume is reduced to the maximum extent on the premise of keeping the original appearance of the data as much as possible.
The characteristic extraction layer is used for extracting characteristics of the data processed by the data processing layer so as to extract the characteristics included in the data. The extracted features may reflect the state of the electronic device itself or the state of the user or the environmental state of the environment in which the electronic device is located, etc.
The feature extraction layer may extract features or process the extracted features by a method such as a filtering method, a packing method, or an integration method.
The filtering method is to filter the extracted features to remove redundant feature data. Packaging methods are used to screen the extracted features. The integration method is to integrate a plurality of feature extraction methods together to construct a more efficient and more accurate feature extraction method for extracting features.
The scene modeling layer is used for building a model according to the features extracted by the feature extraction layer, and the obtained model can be used for representing the state of the electronic equipment, the state of a user, the environment state and the like. For example, the scenario modeling layer may construct a key value model, a pattern identification model, a graph model, an entity relation model, an object-oriented model, and the like according to the features extracted by the feature extraction layer.
The intelligent service layer is used for providing intelligent services for the user according to the model constructed by the scene modeling layer. For example, the intelligent service layer can provide basic application services for users, perform system intelligent optimization for electronic equipment, and provide personalized intelligent services for users.
In addition, the panoramic perception architecture can further comprise a plurality of algorithms, each algorithm can be used for analyzing and processing data, and the plurality of algorithms can form an algorithm library. For example, the algorithm library may include algorithms such as a markov algorithm, a hidden dirichlet distribution algorithm, a bayesian classification algorithm, a support vector machine, a K-means clustering algorithm, a K-nearest neighbor classification algorithm, a conditional random field, a residual error network, a long-short term memory network, a convolutional neural network, and a cyclic neural network.
An execution main body of the high-risk process processing method may be the high-risk process processing apparatus provided in the embodiment of the present application, or an electronic device integrated with the high-risk process processing apparatus, where the high-risk process processing apparatus may be implemented in a hardware or software manner.
The embodiments of the present application will be described from the perspective of a processing apparatus for a high-risk process, which may be specifically integrated in an electronic device. The processing method of the high-risk process comprises the following steps:
acquiring behavior information of the electronic equipment currently operated by a user;
searching whether preset behavior information identical to the behavior information exists in a preset behavior set;
if the process exists, acquiring the currently running process of the electronic equipment, and determining the risk level of the process according to a preset algorithm model;
and processing the process according to the risk level.
In one embodiment, before obtaining the behavior information of the electronic device currently operated by the user, the method further includes:
acquiring all behavior information of the user operating the electronic equipment within a preset time period;
classifying the behavior information according to a preset algorithm, wherein the classification comprises a sensitive classification and a safe classification;
and generating the preset behavior set according to the behavior information corresponding to the sensitive classification.
In one embodiment, determining the risk level of the process according to a preset algorithm model includes:
extracting characteristic information of the process;
and inputting the characteristic information serving as a characteristic vector into the preset algorithm model so as to predict the risk level of the process.
In an embodiment, inputting the feature information as a feature vector into the preset algorithm model to predict the risk level of the process includes:
inputting the characteristic information into the preset algorithm model as a characteristic vector, and outputting a plurality of risk levels and corresponding probabilities of the process;
and determining the prediction risk level of the process according to the probability.
In one embodiment, processing the process according to the risk level includes:
judging whether the risk level meets a first preset risk level or not;
if so, closing the process.
In one embodiment, processing the process according to the risk level includes:
judging whether the risk level meets a second preset risk level or not;
if so, generating prompt information, wherein the prompt information comprises the process identification;
and receiving a feedback instruction of the user aiming at the prompt message and closing the process according to the instruction.
In one embodiment, the predetermined algorithm model is a recurrent neural network model.
Referring to fig. 2, fig. 2 is a flowchart illustrating a processing method of a high risk process according to an embodiment of the present application. The method for processing the high-risk process, provided by the embodiment of the application, is applied to the electronic equipment, and the specific process can be as follows:
In an embodiment, the electronic device obtains behavior information of the electronic device currently operated by a user through an information sensing layer of a panoramic sensing framework, where the behavior information is operations performed by the user for various functions in the electronic device during using the electronic device, such as opening an application, reducing volume, reducing screen brightness, paying a fingerprint, and the like.
It should be noted that, when a user uses an electronic device, a click operation is often required, and the click operation may be performed by touching a display screen with a hand, or by pressing a physical key, or by performing an operation in a voice recognition manner, and the like, which is not further limited in this application.
When the user operates the electronic equipment, the user operation comprises an effective operation and an ineffective operation. The valid operation line may be, for example, an effective operation in which the user clicks a link, a picture, a slide screen, or the like in the web page when the user browses the web page. The invalidation operation may be, for example, an invalidation operation in which, when the user browses a web page, the user clicks a blank of the browser web page to extend the display time of the screen of the mobile terminal. In an embodiment, after receiving a user operation for an electronic device, it may further be determined whether the user operation is an effective operation, if so, generating corresponding behavior information according to the effective operation, and if not, ignoring the user operation.
In one embodiment, the behavior information may also include associated application identification, such as fingerprint payment in application A, volume adjustment in application B, brightness adjustment in application C, and so forth. The application identifier may be an application identifier that is currently running in the foreground of the electronic device when the user operates the electronic device, and the application identifier may be a name of an application.
In an embodiment, the preset behavior set may be preset, for example, behavior information sensitive during the use of the electronic device is added to the preset behavior set. The preset set of behaviors may include: specifically, after behavior information of a user currently operating the electronic device is obtained, whether preset behavior information identical to the current behavior information exists or not is searched in the preset behavior information set, if yes, the current behavior information is determined to be a sensitive behavior, and if not, the current flow is ended.
When the preset behavior set is set, it is necessary to determine whether the behavior information is sensitive, and there are various ways for determining whether the behavior information is sensitive. For example, in an embodiment, an application identifier associated with behavior information may be obtained, and then it is determined whether the application identifier is a preset identifier, and if so, it is determined that the behavior information is sensitive. The preset identifier is an identifier of an application program with a higher importance degree, and can be specifically set by a user or automatically set by an electronic equipment system.
In an embodiment, behavior information of the user in a preset time period can be acquired, and then classification learning is performed on the behavior information of the user according to a preset algorithm, wherein the classification learning is mainly divided into two categories, namely sensitive classification and safety classification. The preset algorithm may be a K-Nearest Neighbor (KNN) algorithm. Wherein KNN is classified by measuring the distance between different characteristic values. The idea is as follows: a sample belongs to a class if the majority of the K most similar samples in feature space (i.e. the nearest neighbors in feature space) belong to this class, where K is typically an integer no greater than 20. In the KNN algorithm, the selected neighbors are all objects that have been correctly classified. The method only determines the category of the sample to be classified according to the category of the nearest sample or a plurality of samples in the classification decision.
And 103, acquiring the current running process of the electronic equipment, and determining the risk level of the process according to a preset algorithm model.
Specifically, the electronic device has multiple processes in a runtime system, where a process is a running activity of a program with certain independent functions with respect to a certain data set. A process is an entity, each having its own address space, typically comprising a text region, a data region, and a stack region. In an embodiment, the process currently running by the electronic device may be acquired according to a state of the process. When the electronic device runs, the system detects the states of all processes on the device and determines the process in the active state as the currently running process.
After the current process is obtained, the risk level of the process is further determined according to a preset algorithm model, wherein the preset algorithm model can adopt a recurrent neural network model to detect high-risk behaviors in the process mainly according to a large amount of manually collected and marked supervision data, and the risk level of the process is generated according to a detection result. For example, the more high-risk behavior in a process, the higher the risk level of the process, and the less high-risk behavior in a process, the lower the risk level of the process.
And 104, processing the process according to the risk level.
In one embodiment, whether to shut down a process may be determined based on the risk level of the process. Specifically, it may be determined whether the risk level of the process is higher than a preset risk level, and if so, the process is closed, and if not, the process is retained. For example, the risk levels of the processes may include 5, which are respectively a first risk level, a second risk level, a third risk level, a fourth risk level, and a fifth risk level, and the preset risk level may be set as the third risk level, so that the processes corresponding to the fourth risk level and the fifth risk level running in the electronic device may be closed, and the processes corresponding to the first risk level, the second risk level, and the third risk level are reserved.
In an embodiment, the user may further set a preset process set, for example, the user sets some important processes as a white list, so as to avoid problems such as data loss caused by closing the important processes. That is, before closing the process, it may be determined whether the process is a preset process, if so, the process is retained, and if not, the step of closing the process is continuously performed.
As can be seen from the above, the method for processing a high-risk process provided in the embodiment of the present application can obtain the behavior information of the user currently operating the electronic device, search whether the preset behavior information identical to the behavior information exists in the preset behavior set, obtain the currently running process of the electronic device if the preset behavior information exists, determine the risk level of the process according to the preset algorithm model, and process the process according to the risk level. According to the method and the device, when the user behavior is sensitive, the risk level of the process running in the electronic equipment can be detected, and the process with the higher risk level is closed, so that the safety of the electronic equipment is improved.
The cleaning method of the present application will be further described below on the basis of the method described in the above embodiment. Referring to fig. 3, fig. 3 is another schematic flow chart of a processing method of a high-risk process according to an embodiment of the present application, where the processing method of the high-risk process includes:
In an embodiment, the electronic device obtains behavior information of a user operating the electronic device within a preset time period through an information sensing layer of a panoramic sensing framework, where the behavior information is operations performed by the user for various functions in the electronic device during using the electronic device, such as opening an application, reducing volume, reducing screen brightness, paying a fingerprint, and the like.
The behavior information of the user in the preset time period is to classify the behavior information frequently used by the user in daily life, so that the behavior information of the user in a longer time period can be obtained to improve the completeness and accuracy of a scheme, for example, the preset time period can be twenty days or thirty days, and the preset time period can also be set by the user according to the requirement, and the application does not further limit the time period.
In one embodiment, the behavior information may be classified according to a K-nearest neighbor classification algorithm, and the KNN is classified by measuring distances between different feature values, wherein the classification includes a sensitive classification and a security classification.
And 203, generating a preset behavior set according to the behavior information corresponding to the sensitive classification.
Specifically, if the classification corresponding to the behavior information of the user is determined to be sensitive, the behavior information is added into a preset behavior set. The preset set of behaviors may include: reading contact persons, reading short messages, making a call, acquiring position information, locking a screen, encrypting a file and the like.
It should be noted that, when a user uses an electronic device, a click operation is often required, and the click operation may be performed by touching a display screen with a hand, or by pressing a physical key, or by performing an operation in a voice recognition manner, and the like, which is not further limited in this application.
After behavior information of the electronic equipment currently operated by the user is acquired, whether preset behavior information identical to the current behavior information exists or not is searched in a preset behavior information set, if yes, the current behavior information is determined to be a sensitive behavior, and if not, the current process is ended.
And step 206, acquiring the currently running process of the electronic equipment, and extracting the characteristic information of the process.
In an embodiment, the process currently running by the electronic device may be acquired according to a state of the process. When the electronic device runs, the system detects the states of all processes on the device and determines the process in the active state as the currently running process.
Further, the characteristic information of the process in the active state is extracted. In an embodiment, the attribute information, the behavior information, the file memory information, the corresponding entity file information, and the like of the process may be extracted.
And step 207, inputting the characteristic information serving as a characteristic vector into a preset algorithm model so as to predict the risk level of the process.
The extracted attribute information, behavior information, file memory information and corresponding entity file information of the process can be used as feature vectors and input into a recurrent neural network model, so that the recurrent neural network model can predict the risk level of the process.
In an embodiment, 5 risk levels may be preset, which are respectively a first risk level, a second risk level, a third risk level, a fourth risk level and a fifth risk level, a probability of each risk level is predicted through a recurrent neural network model, and then a target risk level is determined according to a prediction probability value of each risk level, for example, the risk level with the maximum prediction probability value is determined as the target risk level. Namely, inputting the feature information into the preset algorithm model as a feature vector to predict the risk level of the process, wherein the predicting comprises:
inputting the characteristic information into the preset algorithm model as a characteristic vector, and outputting a plurality of risk levels and corresponding probabilities of the process;
and determining the prediction risk level of the process according to the probability.
And step 208, processing the process according to the risk level.
In an embodiment, whether to shut down the process may be determined according to the risk level of the process, and specifically, one or more first preset risk levels may be set, for example, a fourth risk level and a fifth risk level, after the risk level of the process is predicted, if the fourth risk level or the fifth risk level, the process is shut down, and if the first risk level or the second risk level or the third risk level, the process is reserved. That is, the process is processed according to the risk level, including:
judging whether the risk level meets a first preset risk level or not;
if so, closing the process.
In an embodiment, one or more second preset risk levels may also be set, for example, a third risk level, after the risk level of the process is predicted, if the third risk level is the third risk level, a corresponding reminder is provided for the user, and the user determines whether to shut down the process. That is, the process is processed according to the risk level, including:
judging whether the risk level meets a second preset risk level or not;
if so, generating prompt information, wherein the prompt information comprises the process identification;
and receiving a feedback instruction of the user aiming at the prompt message and closing the process according to the instruction.
As can be seen from the above, the method for processing a high-risk process provided in this embodiment of the present application may classify, at a third risk level, behavior information according to a preset algorithm, where the classification includes a sensitive classification and a security classification, generate a preset behavior set according to the behavior information corresponding to the sensitive classification, obtain the behavior information of the electronic device currently operated by the user, search for whether there is preset behavior information that is the same as the behavior information in the preset behavior set, if there is the preset behavior information, obtain a process currently operated by the electronic device, extract feature information of the process, input the feature information as a feature vector into a preset algorithm model, predict a risk level of the process, and process the process according to the risk level. According to the method and the device, the classification library of the personalized user sensitive behaviors can be constructed, when the user behaviors are sensitive, the risk level of the process running in the electronic equipment is detected, and the process can be subjected to targeted processing according to different risk levels, so that the safety of the electronic equipment is improved.
The embodiment of the present application further provides an algorithm model, for example, a recurrent neural network model, where the recurrent neural network model is used to obtain a currently running process of the electronic device when the behavior information of the user currently operating the electronic device is preset behavior information, and determine a risk level of the process according to the preset algorithm model, so that the electronic device processes the process according to the risk level.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a high risk process processing device according to an embodiment of the present disclosure. The processing apparatus 30 of the high-risk process includes a first obtaining module 301, a searching module 302, a determining module 303, and a processing module 304;
the first obtaining module 301 is configured to obtain behavior information of a user currently operating an electronic device.
In an embodiment, the electronic device obtains behavior information of the electronic device currently operated by the user through a first obtaining module 301 of the panoramic sensing framework, where the first obtaining module 301 may include an information sensing layer, where the behavior information is operations performed by the user for various functions in the electronic device during using the electronic device, such as opening an application, reducing volume, reducing screen brightness, paying a fingerprint, and the like.
It should be noted that, when a user uses an electronic device, a click operation is often required, and the click operation may be performed by touching a display screen with a hand, or by pressing a physical key, or by performing an operation in a voice recognition manner, and the like, which is not further limited in this application.
The searching module 302 is configured to search whether preset behavior information identical to the behavior information exists in a preset behavior set.
In an embodiment, the preset behavior set may be preset, for example, behavior information sensitive during the use of the electronic device is added to the preset behavior set. The preset set of behaviors may include: specifically, after behavior information of the user currently operating the electronic device is obtained, the searching module 302 searches whether preset behavior information identical to the current behavior information exists in the preset behavior information set, if so, the current behavior information is determined to be a sensitive behavior, and if not, the current flow is ended.
The determining module 303 is configured to, when the process exists, obtain a currently running process of the electronic device, and determine a risk level of the process according to a preset algorithm model.
In an embodiment, the process currently running by the electronic device may be acquired according to a state of the process. When the electronic device runs, the system detects the states of all processes on the device and determines the process in the active state as the currently running process.
The determining module 303 determines the risk level of the process according to a preset algorithm model, wherein the preset algorithm model mainly adopts a recurrent neural network model to detect a high risk behavior in the process according to a large amount of artificially collected and labeled supervisory data, and generates the risk level of the process according to a detection result. For example, the more high-risk behavior in a process, the higher the risk level of the process, and the less high-risk behavior in a process, the lower the risk level of the process.
The processing module 304 is configured to process the process according to the risk level.
In one embodiment, the processing module 304 may determine whether to shut down a process based on the risk level of the process. Specifically, it may be determined whether the risk level of the process is higher than a preset risk level, and if so, the process is closed, and if not, the process is retained. For example, the risk levels of the processes may include 5, which are respectively a first risk level, a second risk level, a third risk level, a fourth risk level, and a fifth risk level, and the preset risk level may be set as the third risk level, so that the processes corresponding to the fourth risk level and the fifth risk level running in the electronic device may be closed, and the processes corresponding to the first risk level, the second risk level, and the third risk level are reserved.
In an embodiment, please refer to fig. 5, fig. 5 is a schematic structural diagram of a processing apparatus for a high risk process according to an embodiment of the present application, wherein the processing apparatus 30 for a high risk process further includes: a second obtaining module 305, a classifying module 306 and a generating module 307;
the second obtaining module 305 is configured to obtain all behavior information of the user operating the electronic device within a preset time period before the first obtaining module obtains the behavior information of the user currently operating the electronic device;
the classification module 306 is configured to classify the behavior information according to a preset algorithm, where the classification includes a sensitive classification and a security classification;
the generating module 307 is configured to generate the preset behavior set according to the behavior information corresponding to the sensitive classification.
In one embodiment, as shown in fig. 6, the determining module 303 includes: an extraction submodule 3031 and a prediction submodule 3032;
the extraction submodule 3031 is configured to extract feature information of the process;
the prediction submodule 3032 is configured to input the feature information as a feature vector to the preset algorithm model, so as to predict the risk level of the process.
The prediction submodule 3032 is specifically configured to input the feature information as a feature vector into the preset algorithm model, output a plurality of risk levels and corresponding probabilities of the process, and determine a predicted risk level of the process according to the probabilities.
In one embodiment, the processing module 304 includes: a decision sub-module 3041 and a close sub-module 3042;
the determining submodule 3041 is configured to determine whether the risk level meets a first preset risk level;
the closing submodule 3042 is configured to close the process when the determining submodule 3041 determines that the process is yes.
As can be seen from the above, the processing device for a high-risk process according to the embodiment of the present application may obtain the behavior information of the electronic device currently operated by the user, search whether the preset behavior information identical to the behavior information exists in the preset behavior set, if so, obtain the currently operated process of the electronic device, determine the risk level of the process according to the preset algorithm model, and process the process according to the risk level. According to the method and the device, when the user behavior is sensitive, the risk level of the process running in the electronic equipment can be detected, and the process with the higher risk level is closed, so that the safety of the electronic equipment is improved.
In this embodiment of the application, the processing apparatus of the high-risk process and the processing method of the high-risk process in the above embodiments belong to the same concept, and any method provided in the embodiment of the processing method of the high-risk process may be run on the processing apparatus of the high-risk process, and a specific implementation process thereof is described in detail in the embodiment of the processing method of the high-risk process, and is not described herein again.
The term "module" as used herein may be considered a software object executing on the computing system. The different components, modules, engines, and services described herein may be considered as implementation objects on the computing system. The apparatus and method described herein may be implemented in software, but may also be implemented in hardware, and are within the scope of the present application.
The embodiment of the present application further provides a storage medium, on which a computer program is stored, and when the computer program runs on a computer, the computer is caused to execute the processing method of the high-risk process.
The embodiment of the application also provides an electronic device, such as a tablet computer, a mobile phone and the like. The processor in the electronic device loads instructions corresponding to processes of one or more application programs into the memory according to the following steps, and the processor runs the application programs stored in the memory, so that various functions are realized:
acquiring behavior information of the electronic equipment currently operated by a user;
searching whether preset behavior information identical to the behavior information exists in a preset behavior set;
if the process exists, acquiring the currently running process of the electronic equipment, and determining the risk level of the process according to a preset algorithm model;
and processing the process according to the risk level.
In an embodiment, before obtaining the behavior information of the electronic device currently operated by the user, the processor is further configured to perform the following steps:
acquiring all behavior information of the user operating the electronic equipment within a preset time period;
classifying the behavior information according to a preset algorithm, wherein the classification comprises a sensitive classification and a safe classification;
and generating the preset behavior set according to the behavior information corresponding to the sensitive classification.
In one embodiment, when determining the risk level of the process according to a preset algorithm model, the processor is configured to perform the following steps:
extracting characteristic information of the process;
and inputting the characteristic information serving as a characteristic vector into the preset algorithm model so as to predict the risk level of the process.
In an embodiment, when the feature information is input into the preset algorithm model as a feature vector to predict the risk level of the process, the processor is configured to perform the following steps:
inputting the characteristic information into the preset algorithm model as a characteristic vector, and outputting a plurality of risk levels and corresponding probabilities of the process;
and determining the prediction risk level of the process according to the probability.
In one embodiment, when processing the process according to the risk level, the processor is configured to perform the following steps:
judging whether the risk level meets a first preset risk level or not;
if so, closing the process.
In one embodiment, when processing the process according to the risk level, the processor is configured to perform the following steps:
judging whether the risk level meets a second preset risk level or not;
if so, generating prompt information, wherein the prompt information comprises the process identification;
and receiving a feedback instruction of the user aiming at the prompt message and closing the process according to the instruction.
In one embodiment, the predetermined algorithm model is a recurrent neural network model.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
Referring to fig. 7, the electronic device 400 includes a processor 401 and a memory 402. The processor 401 is electrically connected to the memory 402.
The processor 400 is a control center of the electronic device 400, connects various parts of the entire electronic device using various interfaces and lines, performs various functions of the electronic device 400 by running or loading a computer program stored in the memory 402 and calling data stored in the memory 402, and processes the data, thereby monitoring the electronic device 400 as a whole.
The memory 402 may be used to store software programs and modules, and the processor 401 executes various functional applications and data processing by operating the computer programs and modules stored in the memory 402. The memory 402 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, a computer program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to use of the electronic device, and the like. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 402 may also include a memory controller to provide the processor 401 access to the memory 402.
In this embodiment, the processor 401 in the electronic device 400 loads instructions corresponding to one or more processes of the computer program into the memory 402 according to the following steps, and the processor 401 runs the computer program stored in the memory 402, so as to implement various functions, as follows:
acquiring behavior information of the electronic equipment currently operated by a user;
searching whether preset behavior information identical to the behavior information exists in a preset behavior set;
if the process exists, acquiring the currently running process of the electronic equipment, and determining the risk level of the process according to a preset algorithm model;
and processing the process according to the risk level.
Referring to fig. 8, in some embodiments, the electronic device 400 may further include: a display 403, radio frequency circuitry 404, audio circuitry 405, and a power supply 406. The display 403, the rf circuit 404, the audio circuit 405, and the power source 406 are electrically connected to the processor 401.
The display 403 may be used to display information entered by or provided to the user as well as various graphical user interfaces, which may be made up of graphics, text, icons, video, and any combination thereof. The Display 403 may include a Display panel, and in some embodiments, the Display panel may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The rf circuit 404 may be used for transceiving rf signals to establish wireless communication with a network device or other electronic devices through wireless communication, and for transceiving signals with the network device or other electronic devices.
The audio circuit 405 may be used to provide an audio interface between the user and the electronic device through a speaker, microphone.
The power supply 406 may be used to power various components of the electronic device 400. In some embodiments, power supply 406 may be logically coupled to processor 401 via a power management system, such that functions to manage charging, discharging, and power consumption management are performed via the power management system.
Although not shown in fig. 8, the electronic device 400 may further include a camera, a bluetooth module, and the like, which are not described in detail herein.
In the embodiment of the present application, the storage medium may be a magnetic disk, an optical disk, a Read Only Memory (ROM), a Random Access Memory (RAM), or the like.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It should be noted that, for the processing method of the high-risk process in the embodiment of the present application, it can be understood by a person skilled in the art that all or part of the flow of the processing method of the high-risk process in the embodiment of the present application can be completed by controlling the relevant hardware through a computer program, where the computer program can be stored in a computer readable storage medium, such as a memory of an electronic device, and executed by at least one processor in the electronic device, and the execution process can include the flow of the embodiment of the processing method of the high-risk process. The storage medium may be a magnetic disk, an optical disk, a read-only memory, a random access memory, etc.
In the processing apparatus for high risk processes according to the embodiment of the present application, each functional module may be integrated into one processing chip, or each module may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium, such as a read-only memory, a magnetic or optical disk, or the like.
The method, the apparatus, the storage medium, and the electronic device for processing a high-risk process provided in the embodiments of the present application are described in detail above, and a specific example is applied in the description to explain the principles and embodiments of the present application, and the description of the embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for those skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (10)
1. A method for handling high risk processes, the method comprising the steps of:
acquiring behavior information of the electronic equipment currently operated by a user;
searching whether preset behavior information identical to the behavior information exists in a preset behavior set;
if the process exists, acquiring the currently running process of the electronic equipment, and determining the risk level of the process according to a preset algorithm model;
and processing the process according to the risk level.
2. The method for processing high-risk processes according to claim 1, wherein before acquiring the behavior information of the user currently operating the electronic device, the method further comprises:
acquiring all behavior information of the user operating the electronic equipment within a preset time period;
classifying the behavior information according to a preset algorithm, wherein the classification comprises a sensitive classification and a safe classification;
and generating the preset behavior set according to the behavior information corresponding to the sensitive classification.
3. The method for processing the high-risk process according to claim 1, wherein determining the risk level of the process according to a preset algorithm model comprises:
extracting characteristic information of the process;
and inputting the characteristic information serving as a characteristic vector into the preset algorithm model so as to predict the risk level of the process.
4. The method for processing the high-risk process according to claim 3, wherein inputting the feature information into the preset algorithm model as a feature vector to predict the risk level of the process comprises:
inputting the characteristic information into the preset algorithm model as a characteristic vector, and outputting a plurality of risk levels and corresponding probabilities of the process;
and determining the prediction risk level of the process according to the probability.
5. The method for processing the high-risk process according to claim 1, wherein processing the process according to the risk level comprises:
judging whether the risk level meets a first preset risk level or not;
if so, closing the process.
6. An apparatus for processing a high risk process, the apparatus comprising: the device comprises a first acquisition module, a search module, a determination module and a processing module;
the first acquisition module is used for acquiring the behavior information of the electronic equipment currently operated by the user;
the searching module is used for searching whether preset behavior information identical to the behavior information exists in a preset behavior set;
the determining module is used for acquiring the currently running process of the electronic equipment when the process exists, and determining the risk level of the process according to a preset algorithm model;
and the processing module is used for processing the process according to the risk level.
7. The apparatus for processing high risk process of claim 6, wherein the apparatus further comprises: the device comprises a second acquisition module, a classification module and a generation module;
the second obtaining module is used for obtaining all the behavior information of the user operating the electronic equipment in a preset time period before the first obtaining module obtains the behavior information of the user currently operating the electronic equipment;
the classification module is used for classifying the behavior information according to a preset algorithm, and the classification comprises sensitive classification and safe classification;
and the generating module is used for generating the preset behavior set according to the behavior information corresponding to the sensitive classification.
8. The high risk process processing apparatus of claim 6, wherein the determining module comprises: an extraction submodule and a prediction submodule;
the extraction submodule is used for extracting the characteristic information of the process;
and the prediction submodule is used for inputting the characteristic information serving as a characteristic vector into the preset algorithm model so as to predict the risk level of the process.
9. A storage medium having stored thereon a computer program, characterized in that, when the computer program is run on a computer, it causes the computer to execute a processing method of a high risk process according to any one of claims 1 to 5.
10. An electronic device comprising a processor and a memory, the memory storing a plurality of instructions, wherein the instructions in the memory are loaded by the processor for performing the steps of:
acquiring behavior information of the electronic equipment currently operated by a user;
searching whether preset behavior information identical to the behavior information exists in a preset behavior set;
if the process exists, acquiring the currently running process of the electronic equipment, and determining the risk level of the process according to a preset algorithm model;
and processing the process according to the risk level.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910282167.4A CN111797391A (en) | 2019-04-09 | 2019-04-09 | High-risk process processing method and device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910282167.4A CN111797391A (en) | 2019-04-09 | 2019-04-09 | High-risk process processing method and device, storage medium and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111797391A true CN111797391A (en) | 2020-10-20 |
Family
ID=72805329
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910282167.4A Pending CN111797391A (en) | 2019-04-09 | 2019-04-09 | High-risk process processing method and device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111797391A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113239364A (en) * | 2021-06-11 | 2021-08-10 | 杭州安恒信息技术股份有限公司 | Method, device, equipment and storage medium for detecting vulnerability exploitation |
-
2019
- 2019-04-09 CN CN201910282167.4A patent/CN111797391A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113239364A (en) * | 2021-06-11 | 2021-08-10 | 杭州安恒信息技术股份有限公司 | Method, device, equipment and storage medium for detecting vulnerability exploitation |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111476306B (en) | Object detection method, device, equipment and storage medium based on artificial intelligence | |
| CN111753895A (en) | Data processing method, device and storage medium | |
| CN111797870A (en) | Optimization method and device of algorithm model, storage medium and electronic equipment | |
| CN111797288A (en) | Data screening method and device, storage medium and electronic equipment | |
| WO2019062358A1 (en) | Application program control method and terminal device | |
| WO2019062317A1 (en) | Application program control method and electronic device | |
| WO2019085750A1 (en) | Application program control method and apparatus, medium, and electronic device | |
| CN111798259A (en) | Application recommendation method and device, storage medium and electronic equipment | |
| EP3608904A1 (en) | Method for updating a speech recognition model, electronic device and storage medium | |
| CN111796926A (en) | Instruction execution method and device, storage medium and electronic equipment | |
| CN111797148A (en) | Data processing method, data processing device, storage medium and electronic equipment | |
| CN111798019B (en) | Intention prediction method, intention prediction device, storage medium and electronic equipment | |
| CN111797391A (en) | High-risk process processing method and device, storage medium and electronic equipment | |
| CN111797857A (en) | Data processing method, data processing device, storage medium and electronic equipment | |
| CN111797381A (en) | Authority management method and device of application program, storage medium and electronic equipment | |
| CN111797874A (en) | Behavior prediction method, behavior prediction device, storage medium and electronic equipment | |
| CN112560612B (en) | System, method, computer device and storage medium for determining business algorithm | |
| CN114970562A (en) | Semantic understanding method, device, medium and equipment | |
| US11445120B2 (en) | Information processing method for adjustting an image capture region based on spoken utterance and apparatus therefor | |
| CN111796663B (en) | Scene recognition model updating method and device, storage medium and electronic equipment | |
| CN111796871A (en) | Service awakening method and device, storage medium and electronic equipment | |
| CN111796314A (en) | Information processing method, information processing apparatus, storage medium, and electronic device | |
| CN111797863A (en) | Model training method, data processing method, device, storage medium and equipment | |
| CN111800535B (en) | Terminal running state evaluation method and device, storage medium and electronic equipment | |
| CN113806533B (en) | Metaphor sentence type characteristic word extraction method, metaphor sentence type characteristic word extraction device, metaphor sentence type characteristic word extraction medium and metaphor sentence type characteristic word extraction equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |