CN112090087A - Game plug-in detection method and device, storage medium and computer equipment - Google Patents

Publication number
CN112090087A
Authority
CN
China
Prior art keywords
login
plug
suspicious
equipment
game account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010870148.6A
Other languages
Chinese (zh)
Other versions
CN112090087B (en
Inventor
毛明旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Perfect World Beijing Software Technology Development Co Ltd
Original Assignee
Perfect World Beijing Software Technology Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Perfect World Beijing Software Technology Development Co Ltd filed Critical Perfect World Beijing Software Technology Development Co Ltd
Priority to CN202210404660.0A priority Critical patent/CN114904276A/en
Priority to CN202010870148.6A priority patent/CN112090087B/en
Priority to PCT/CN2020/132089 priority patent/WO2022041529A1/en
Publication of CN112090087A publication Critical patent/CN112090087A/en
Application granted granted Critical
Publication of CN112090087B publication Critical patent/CN112090087B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • A HUMAN NECESSITIES
    • A63 SPORTS; GAMES; AMUSEMENTS
    • A63F CARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00 Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/70 Game security or game management aspects
    • A63F13/75 Enforcing rules, e.g. detecting foul play or generating lists of cheating players
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The application discloses a game plug-in detection method and device, a storage medium and computer equipment. The method comprises the following steps: when a game account login is detected, judging whether the login device of the game account is a suspicious device; if the login device is a suspicious device, acquiring first plug-in use data corresponding to the game account and second plug-in use data corresponding to the login device; and determining the supervision level of the login device according to the first plug-in use data and the second plug-in use data, so as to track the plug-in program usage of the login device according to the supervision level. By setting supervision levels for suspicious devices that have plug-in use records, the application lets anti-plug-in staff monitor the game behavior of suspicious devices at different levels according to the supervision level, which narrows the monitoring range for plug-in programs while enabling a quick response to them, and ultimately improves the efficiency of responding to plug-in programs.

Description

Game plug-in detection method and device, storage medium and computer equipment
Technical Field
The present application relates to the field of computer technologies, and in particular to a game plug-in detection method and apparatus, a storage medium, and a computer device.
Background
With the popularization of networks, the online game industry has developed rapidly as a supporting industry of the internet; as a form of entertainment it has become part of people's daily lives and formed a network culture with games at its core. As games have developed rapidly, the appearance of plug-ins (third-party cheat programs) has broken game balance, accelerated the loss of players, damaged the interests of game manufacturers and had a negative influence on the whole game industry. To find plug-in programs, anti-plug-in workers usually collect suspicious programs manually or by program, analyze the behavior of each suspicious program to confirm whether it is a plug-in program, and add the feature code fields of confirmed plug-in programs to a plug-in feature code database, which is then used to identify plug-in programs.
When collecting plug-in programs, finding them among a large number of game accounts is, for anti-plug-in workers, like looking for a needle in a haystack, which is very difficult. The prior art therefore proposes two ways of narrowing the collection range: one is a player reporting function, by which players who meet in a game can report suspicious accounts; the other is focused tracking and monitoring of accounts that have previously used plug-in programs.
However, anti-plug-in work is an ongoing contest of attack and defense in which neither side can completely restrain the other for good; one side merely holds the upper hand for a certain period, so continuously tracking plug-ins and keeping up with new plug-in versions in time is especially important. Extensive practice shows that both of the above approaches lag in detecting plug-ins. How to set a reasonable plug-in collection range and apply plug-in monitoring measures to the accounts within that range, so as to shorten the time anti-plug-in workers need to track plug-ins and improve the speed of response to plug-in programs, is a key problem in the game field.
Disclosure of Invention
In view of this, the application provides a game plug-in detection method and apparatus, a storage medium, and a computer device, which narrow the monitoring range for plug-in programs while enabling a quick response to them, so as to improve the efficiency of responding to plug-in programs, improve game security, and protect game balance.
According to one aspect of the application, a method for detecting a game plug-in is provided, which comprises the following steps:
when detecting that a game account logs in, judging whether a login device of the game account is a suspicious device;
if the login device is a suspicious device, acquiring first plug-in use data corresponding to the game account and second plug-in use data corresponding to the login device;
and determining the supervision level of the login device according to the first plug-in use data and the second plug-in use data, so as to track the plug-in program usage of the login device according to the supervision level.
Specifically, the determining whether the login device of the game account is a suspicious device specifically includes:
acquiring the equipment identifier of the login equipment, and inquiring whether the equipment identifier belongs to a suspicious equipment identifier contained in a suspicious equipment database;
and if the equipment identifier belongs to the suspicious equipment identifier, determining that the login equipment is the suspicious equipment.
Specifically, the first plug-in use data includes a plug-in type, and the suspicious device database includes historical plug-in use data of the suspicious device; the acquiring of the first plug-in use data corresponding to the game account and the second plug-in use data corresponding to the login device specifically includes:
detecting whether the game account uses a plug-in program or not in the current login based on a plug-in program database;
if the game account uses a plug-in program in the current login, acquiring the plug-in type used by the current login of the game account and acquiring historical plug-in use data of the suspicious device matched with the device identifier of the login device in the suspicious device database as the second plug-in use data.
Specifically, the second plug-in use data includes the historically used plug-in types and the historical number of plug-in uses corresponding to the login device, and the suspicious device database includes a supervision level of the login device; the determining the supervision level of the login device according to the first plug-in use data and the second plug-in use data specifically includes:
updating the historical plug-in use data of the login device in the suspicious device database according to the plug-in type used in the current login of the game account and the historically used plug-in types and historical number of plug-in uses corresponding to the login device;
and re-determining the supervision level of the login device according to the updated historical plug-in use data corresponding to the login device.
Specifically, the suspicious device database further comprises a supervision level of the suspicious device; after detecting whether the game account uses a plug-in program in the current login, the method further comprises the following steps:
and if the game account is not found to use a plug-in program in the current login, acquiring and raising the supervision level corresponding to the login device in the suspicious device database.
Specifically, the determining whether the login device of the game account is a suspicious device specifically includes:
acquiring the equipment identifier of the login equipment, and inquiring whether the equipment identifier belongs to a suspicious equipment identifier contained in a suspicious equipment database;
if the equipment identification does not belong to the suspicious equipment identification, determining that the login equipment is not the suspicious equipment;
after the step of judging whether the login device of the game account is a suspicious device, the method further includes:
if the login device is not a suspicious device, then when it is detected that a plug-in program is used in the current login of the game account, updating the suspicious device database based on the type of plug-in program used in the current login of the game account and the device identifier of the login device.
Specifically, the acquiring the device identifier of the login device specifically includes:
obtaining a motherboard UUID (Universally Unique Identifier) return value of the login device through a preset function;
if the motherboard UUID return value is a valid value, taking the motherboard UUID return value as the device identifier of the login device;
if the motherboard UUID return value is an invalid value, acquiring a GUID (Globally Unique Identifier) of the login device, and determining the device identifier based on the GUID of the login device.
Specifically, the method further comprises:
acquiring the time at which any suspicious device in the suspicious device database most recently used a plug-in;
and if the time at which the suspicious device most recently used a plug-in is earlier than a preset time, removing that suspicious device from the suspicious device database.
Specifically, the method further comprises:
and if the number of historically used plug-in types corresponding to any suspicious device is greater than a preset type threshold and/or the historical number of plug-in uses corresponding to that suspicious device is greater than a preset count threshold, refusing login of game accounts on that suspicious device.
Specifically, the method further comprises:
acquiring IP information corresponding to a game account logged on suspicious equipment with a supervision level larger than a preset level threshold;
and acquiring the target game account matched with the IP information according to the IP information so as to track the use condition of the plug-in program of the target game account.
According to another aspect of the present application, there is provided a game plug-in detection apparatus, including:
a suspicious device judging module, used for judging whether the login device of a game account is a suspicious device when login of the game account is detected;
a plug-in data acquisition module, used for acquiring first plug-in use data corresponding to the game account and second plug-in use data corresponding to the login device if the login device is a suspicious device;
a first supervision level determining module, used for determining the supervision level of the login device according to the first plug-in use data and the second plug-in use data, so as to track the plug-in program usage of the login device according to the supervision level.
Specifically, the suspicious device determining module specifically includes:
a first device identifier obtaining unit, configured to obtain a device identifier of the login device, and query whether the device identifier belongs to a suspicious device identifier included in a suspicious device database;
a first suspicious device determining unit, configured to determine that the login device is the suspicious device if the device identifier belongs to the suspicious device identifier.
Specifically, the first plug-in use data includes a plug-in type, and the suspicious device database includes historical plug-in use data of the suspicious device; the plug-in data acquisition module specifically comprises:
the plug-in program detection unit is used for detecting whether the game account uses a plug-in program or not in the current login based on the plug-in program database;
and the plug-in data acquisition unit is used for acquiring the plug-in type used by the current login of the game account and acquiring the historical plug-in use data of the suspicious device matched with the device identifier of the login device in the suspicious device database as the second plug-in use data if the game account uses a plug-in program in the current login.
Specifically, the second plug-in use data includes the historically used plug-in types and the historical number of plug-in uses corresponding to the login device, and the suspicious device database includes a supervision level of the login device; the first supervision level determination module specifically includes:
a plug-in data updating unit, used for updating the historical plug-in use data of the login device in the suspicious device database according to the plug-in type used in the current login of the game account and the historically used plug-in types and historical number of plug-in uses corresponding to the login device;
and a supervision level determining unit, used for re-determining the supervision level of the login device according to the updated historical plug-in use data corresponding to the login device.
Specifically, the suspicious device database further comprises a supervision level of the suspicious device; the device further comprises:
and a second supervision level determining module, used for, after it is detected whether the game account uses a plug-in program in the current login, acquiring and raising the supervision level corresponding to the login device in the suspicious device database if the game account is not found to use a plug-in program in the current login.
Specifically, the suspicious device determining module specifically includes:
a second device identifier obtaining unit, configured to obtain a device identifier of the login device, and query whether the device identifier belongs to a suspicious device identifier included in a suspicious device database;
a second suspicious device determining unit, configured to determine that the login device is not the suspicious device if the device identifier does not belong to the suspicious device identifier;
the device further comprises:
and a database updating module, used for, after it is judged whether the login device of the game account is a suspicious device and if the login device is not a suspicious device, updating the suspicious device database based on the type of plug-in program used in the current login of the game account and the device identifier of the login device when it is detected that a plug-in program is used in the current login of the game account.
Specifically, the device identifier obtaining unit specifically includes:
an identifier obtaining subunit, configured to obtain, through a preset function, a motherboard UUID (Universally Unique Identifier) return value of the login device;
a first identifier determining subunit, configured to, if the motherboard UUID return value is a valid value, use the motherboard UUID return value as the device identifier of the login device;
a second identifier determining subunit, configured to, if the motherboard UUID return value is an invalid value, obtain a GUID (Globally Unique Identifier) of the login device, and determine the device identifier based on the GUID of the login device.
Specifically, the apparatus further comprises:
the plug-in use time acquisition module is used for acquiring the time when any suspicious device in the suspicious device database uses the plug-in for the last time;
and the suspicious device removing module is used for removing any suspicious device from the suspicious device database if the time of the last use of the plug-in of any suspicious device is earlier than the preset time.
Specifically, the apparatus further comprises:
and a banned-device determining module, used for rejecting login of game accounts on any suspicious device in the suspicious device database if the number of historically used plug-in types corresponding to that suspicious device is greater than a preset type threshold and/or the historical number of plug-in uses corresponding to that suspicious device is greater than a preset count threshold.
Specifically, the apparatus further comprises:
the device address acquisition module is used for acquiring IP information corresponding to the game account number logged on the suspicious device with the supervision level larger than the preset level threshold;
and the target account acquisition module is used for acquiring the target game account matched with the IP information according to the IP information so as to track the use condition of the plug-in program of the target game account.
According to yet another aspect of the present application, there is provided a storage medium having a computer program stored thereon, the program, when executed by a processor, implementing the above-described game plug-in detection method.
According to still another aspect of the present application, there is provided a computer device, including a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, wherein the processor implements the method for detecting a game plug-in when executing the program.
By means of the above technical scheme, when a game account logs in, it is first judged whether the login device of the game account is a suspicious device that has previously used a plug-in program; then, once the login device is determined to be a suspicious device, first plug-in use data is obtained from the game behavior of the game account and second plug-in use data corresponding to the login device is obtained; finally, the supervision level of the login device is determined by combining the first plug-in use data from the current login of the game account with the second plug-in use data from the historical game behavior of the login device. In the embodiments of the application, a supervision level is set for each suspicious device with a plug-in use record and is updated with the plug-in use data newly generated when a game account logs in on that device, so that anti-plug-in workers can monitor the game behavior of suspicious devices at different levels according to the supervision level. This narrows the monitoring range for plug-in programs while enabling a quick response to them, and ultimately improves the efficiency of responding to plug-in programs, improves game security, and protects game balance.
The foregoing is only an overview of the technical solutions of the present application. So that the technical means of the application can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the application are more readily apparent, specific embodiments of the application are described in detail below.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic flow chart illustrating a game plug-in detection method according to an embodiment of the present disclosure;
FIG. 2 is a schematic flow chart illustrating another game plug-in detection method according to an embodiment of the present disclosure;
FIG. 3 is a flow chart illustrating a game plug-in detection method according to an embodiment of the present disclosure;
FIG. 4 is a flow chart illustrating a game plug-in detection method according to an embodiment of the present disclosure;
FIG. 5 is a flow chart illustrating a game plug-in detection method according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram illustrating a game plug-in detection apparatus according to an embodiment of the present disclosure;
FIG. 7 is a schematic structural diagram illustrating another game plug-in detection apparatus according to an embodiment of the present disclosure.
Detailed Description
The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
In this embodiment, a game plug-in detection method is provided; as shown in FIG. 1, the method includes:
Step 101, when detecting that a game account logs in, judging whether the login device of the game account is a suspicious device;
Step 102, if the login device is a suspicious device, acquiring first plug-in use data corresponding to the game account and second plug-in use data corresponding to the login device;
Step 103, determining the supervision level of the login device according to the first plug-in use data and the second plug-in use data, so as to track the plug-in program usage of the login device according to the supervision level.
The embodiments of the application can be applied to an anti-plug-in server. After a game account logs in at a client (that is, a login device) and the anti-plug-in server receives the login information of the game account, the server first judges whether the login device of the game account is a suspicious device. Big-data statistics show that if a game account logged in on a certain device has used a plug-in program, that device is highly likely to use plug-ins when logging in to other game accounts as well, so a device that has used a plug-in program is recorded as a suspicious device and its plug-in program use records are stored. Then, when the login device of the game account is judged to be a suspicious device, it is detected whether a plug-in program is used during the game session of the current login; if so, the plug-in use data of the current login, namely the first plug-in use data, is collected, and the historical plug-in use record of the login device, namely the second plug-in use data, is obtained. Finally, the supervision level of the login device is determined according to the first plug-in use data corresponding to the game account and the second plug-in use data corresponding to the login device; that is, the supervision level is determined jointly from the plug-in usage of the game account during the current game session (or the plug-in usage of the login device during the current game session) and the plug-in usage of the login device during historical game sessions. Anti-plug-in workers can then supervise clients at different supervision levels differently: for example, the game behavior of clients with a large number of plug-in use records is closely supervised so that novel plug-in programs, including variants with strong concealment, are discovered in time, while the game behavior of clients that have used a plug-in only once is merely checked, which saves time and labor costs, improves supervision efficiency, improves game security, and protects game balance.
It should be noted that whether a game account uses a plug-in is usually judged by comparison against the feature code fields of plug-in programs already found. For some plug-ins, such as new, variant or shelled (packed) plug-ins, the known feature code fields may not cover their features; that is, even if a game account is not detected using a plug-in, this does not prove that the account is not using one. Therefore, in this embodiment of the application, if the login device of the game account is a suspicious device but no plug-in program is found during the game session of the game account, the supervision level of the login device may be re-determined according to the game behavior of the game account. For example, because such a device is likely to be using a new, variant or shelled plug-in, a special device database may be established for such devices, and the devices in it are closely monitored for use of new plug-ins, so that novel plug-ins can be found in time and game security is improved.
By applying the technical scheme of this embodiment, when a game account logs in, it is first judged whether the login device of the game account is a suspicious device that has previously used a plug-in program; then, once the login device is confirmed to be a suspicious device, first plug-in use data is obtained from the game behavior of the game account and second plug-in use data corresponding to the login device is obtained; finally, the supervision level of the login device is determined by combining the first plug-in use data from the current login of the game account with the second plug-in use data from the historical game behavior of the login device. In the embodiments of the application, a supervision level is set for each suspicious device with a plug-in use record and is updated with the plug-in use data newly generated when a game account logs in on that device, so that anti-plug-in workers can monitor the game behavior of suspicious devices at different levels according to the supervision level. This narrows the monitoring range for plug-in programs while enabling a quick response to them, and ultimately improves the efficiency of responding to plug-in programs, improves game security, and protects game balance.
Further, as a refinement and extension of the above embodiment, and in order to fully describe its specific implementation, another game plug-in detection method is provided; as shown in FIG. 2, the method includes:
Step 201, when detecting that a game account logs in, acquiring the device identifier of the login device, and querying whether the device identifier belongs to the suspicious device identifiers contained in a suspicious device database;
In step 201, whether the login device is a suspicious device may be determined based on the device identifier of the device on which the game account logs in. Specifically, a pre-established suspicious device database may be queried to check whether the device identifier of the login device is one of the suspicious device identifiers recorded in it. If the device identifier is a suspicious device identifier, the login device is determined to be a suspicious device; otherwise, it is determined not to be a suspicious device. The devices corresponding to the suspicious device identifiers recorded in the suspicious device database are all devices with plug-in use behavior. Because such devices are very likely to use plug-in programs again, their identifiers are recorded to form the database. Specific plug-in use data can also be recorded in the database, such as how many types of plug-in the suspicious device has used, how many times plug-ins have been used, and how much loss the device's plug-in use has caused to other players or to the game developer. A hazard level can be assigned to the suspicious device according to its plug-in use data, and in some scenarios the hazard level can serve as a criterion for the supervision level of the suspicious device: the higher the hazard level of a device, the higher its supervision level, that is, the most harmful devices are monitored most strictly.
In this embodiment of the application, for any suspicious device in the suspicious device database, specifically, if the number of historically used plug-in types corresponding to the suspicious device is greater than a preset type threshold and/or the historical number of plug-in uses corresponding to the suspicious device is greater than a preset count threshold, login of game accounts on that suspicious device is rejected.
In this embodiment, the hazard level of a suspicious device may be determined by the plug-in types used and/or the number of plug-in uses. In the above embodiment, if the number of historically used plug-in types of any suspicious device in the suspicious device database is greater than a preset value and/or its historical number of plug-in uses is greater than a preset value, such a device with a bad track record may be directly determined to be a banned device and prohibited from logging in to any game account. In a specific application scenario, when a game account applies to log in, whether the login device is a banned device may be judged according to the device identifier of the login device of the game account, and account login on a banned device is rejected; alternatively, when the login device is judged to be a banned device, the logged-in account is forcibly logged out or banned.
In addition, the embodiment of the application may further include: and determining the hazard level of any suspicious device according to the historical use plug-in type and/or the historical use plug-in times corresponding to any suspicious device, and determining the supervision level of the suspicious device based on the hazard level. For example, suspicious devices with plug-in types exceeding 10 are placed into the set A, suspicious devices with plug-in times exceeding 20 are placed into the set B, the intersection is taken between the set A and the set B, the corresponding suspicious devices in the A ≠ B set are taken as devices with the highest hazard level, and the devices are subjected to strictest supervision.
In this embodiment of the application, the method for acquiring the device identifier of the login device in step 201 may specifically include:
Step 201-1, obtaining a motherboard UUID return value of the login device through a preset function;
Step 201-2, if the motherboard UUID return value is a valid value, taking the motherboard UUID return value as the device identifier of the login device;
Step 201-3, if the motherboard UUID return value is an invalid value, acquiring the GUID of the login device, and determining the device identifier based on the GUID of the login device.
In this embodiment, in order to distinguish different devices, a unique feature code should be recorded for each device. Specifically, the return value of the UUID (universally unique identifier) of the login device's motherboard may be obtained through a preset function and used as the device identifier. In some cases the preset function cannot obtain the UUID and returns a null value, that is, the return value is an invalid value. In that case the GUID value of the device may be obtained and processed with the MD5 algorithm (a message-digest algorithm) or another encryption algorithm to produce the device identifier, or the device identifier may be computed with the MD5 algorithm or another encryption algorithm from the GUID value together with preset parameters. This ensures the uniqueness of the device identifier, so that different game login devices can be distinguished and identified by it.
Step 202, if the login device is a suspicious device, detecting whether the current login of the game account uses a plug-in program based on a plug-in program database;
In step 202, if the login device is determined to be a suspicious device based on its device identifier, the current game behavior of the game account may be further examined to determine whether a plug-in program is being used in the account's current game session. Specifically, the feature codes corresponding to the relevant game behaviors may be compared against a preset anti-plug-in feature code database (in which the feature codes of previously discovered plug-in programs are stored in advance). If a feature code matching a plug-in program is found, it is determined that a plug-in program is used in the current game session of the game account; otherwise, it is determined that no plug-in program is used in the current game session of the game account, or that no plug-in program has been found in it.
Step 203, if the game account uses a plug-in program in the current login, acquiring the plug-in type used by the current login of the game account and acquiring historical plug-in use data of the suspicious device matched with the device identifier of the login device in a suspicious device database as second plug-in use data;
in step 203, after finding that the game account uses the plug-in program, it may further identify which kind of plug-in program is used by the game account according to a specific comparison result of the plug-in program, for example, the game account uses the automatic aiming plug-in 1 and the full view field plug-in 2 this time, and may further read out historical plug-in use data corresponding to the device identifier from the suspicious device database based on the device identifier of the login device, where the historical plug-in use data may specifically include the kind of plug-ins used by the corresponding suspicious device and the number of times of using each kind of plug-ins or the total number of times of using plug-ins.
Step 204, updating historical plug-in use data of the login equipment in the suspicious equipment database according to the plug-in type used by the current login of the game account and the historical use plug-in type and the historical use plug-in times corresponding to the login equipment;
Step 205, re-determining the monitoring level of the login device according to the updated historical plug-in use data corresponding to the login device.
In step 204 and step 205, the suspicious device database is updated according to the plug-in types used by the game account in this login, so that the database is updated dynamically from real-time game behavior and the supervision level of a suspicious device can be adjusted promptly according to its plug-in use data. Specifically, the hazard level of the device may first be calculated from the plug-in use data of the login device, and the supervision level of the login device is then re-determined according to the hazard level.
As shown in fig. 3, an embodiment of the present application provides another method for detecting a game plug-in, where the method includes:
step 301, when detecting that a game account logs in, acquiring a device identifier of a login device, and inquiring whether the device identifier belongs to a suspicious device identifier contained in a suspicious device database;
step 302, if the login device is a suspicious device, detecting whether the current login of the game account uses a plug-in program based on a plug-in program database;
Step 303, if the game account is not found to use a plug-in program in this login, acquiring and raising the supervision level corresponding to the login device in the suspicious device database.
In the above embodiment, if the device identifier of the game account's login device is a suspicious device identifier, the login device can be determined to be a suspicious device. If no plug-in program is found during the account's game session, so that no plug-in is currently found on the suspicious device, there are two possible cases: 1. the device is not using a plug-in; 2. the device is using a plug-in, but the plug-in's features are not in the anti-plug-in feature code database. In the second case, anti-plug-in engineers need to focus on tracking the device and working out the features of the new plug-in. Therefore, when a suspicious device is not found to be using a plug-in program, its supervision level may be increased by 1 so that any new plug-in present on the device can be discovered in time.
In the embodiment of the present application, for the first case, in which the suspicious device appears not to use plug-ins, specifically, the time at which any suspicious device in the suspicious device database most recently used a plug-in is obtained; if that time is earlier than a preset time, the suspicious device is removed from the suspicious device database.
In this embodiment, the suspicious device database may further store the plug-in use time of each suspicious device, specifically the time at which the suspicious device most recently used a plug-in. If a suspicious device has not been found to use a plug-in program for a long time, it may be removed from the suspicious device database or its monitoring level may be lowered, so that anti-plug-in staff can concentrate their monitoring effort on devices that are more likely to use plug-in programs.
As shown in fig. 4, an embodiment of the present application provides another method for detecting a game plug-in, where the method includes:
step 401, when detecting that a game account logs in, acquiring a device identifier of a login device, and inquiring whether the device identifier belongs to a suspicious device identifier contained in a suspicious device database;
step 402, if the login device is not a suspicious device, when it is detected that the game account uses the plug-in program in the current login, updating a database of the suspicious device based on the type of the plug-in program used in the current login of the game account and the device identifier of the login device.
In this embodiment, if the device identifier of the login device of the game account does not belong to the suspicious device identifier, that is, it may be determined that the login device does not belong to the suspicious device, but the account uses the plug-in program in the game, the login device is recorded as the suspicious device, the suspicious device identifier and the type of the plug-in program used by the device are recorded in the suspicious device database, and the number of times of using the plug-in program is recorded as 1 time.
In addition, any embodiment of the present application further comprises: acquiring IP information corresponding to a game account logged on suspicious equipment with a supervision level larger than a preset level threshold; and acquiring the target game account matched with the IP information according to the IP information so as to track the use condition of the plug-in program of the target game account.
In the above embodiment, if the supervision level of the suspicious device is higher or the hazard level is higher, the network address corresponding to the game account logged in the device can be acquired, the target game account in the same network segment as the network address is acquired, and the game behavior data of the target game account is acquired and fed back to the anti-plug-in staff for judgment, so that the high-risk account and the high-risk device in the same network segment can be mined, and the game safety is improved.
Fig. 5 shows a schematic flow chart of a plug-in detection method provided in the embodiment of the present application. As shown in fig. 5, after the game account logs in, it is first determined whether the login device belongs to a suspicious device, and further determined whether the game account uses a plug-in, and according to the determination result, the monitoring level of the login device is determined and the database of the suspicious device is updated.
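The flow of fig. 5, together with the device-identifier fallback of steps 201-1 to 201-3, can be sketched as follows. This is an added example, not code from the patent: all names are hypothetical, the hazard thresholds 10 and 20 come from the set A / set B illustration above, and the ban thresholds, the 180-day retention window and the rule `supervision = max(current, 1 + hazard)` are assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional

# Hazard thresholds from the patent's set A / set B illustration.
HAZARD_KINDS = 10
HAZARD_USES = 20
# Assumed values for the "preset" ban thresholds and the retention window.
BAN_KINDS = 15
BAN_USES = 50
STALE_AFTER = timedelta(days=180)


def device_identifier(board_uuid: Optional[str], guid: str, preset: str = "") -> str:
    """Steps 201-1 to 201-3: use the motherboard UUID when the query returned
    a value; otherwise derive the identifier as MD5(GUID + preset parameter)."""
    if board_uuid and board_uuid.strip():
        return board_uuid.strip().upper()
    return hashlib.md5((guid + preset).encode("utf-8")).hexdigest()


@dataclass
class DeviceRecord:
    uses: Dict[str, int] = field(default_factory=dict)  # plug-in kind -> times used
    supervision: int = 0
    last_use: Optional[datetime] = None

    def hazard(self) -> int:
        """One point per exceeded threshold; 2 means the device is in A ∩ B."""
        total = sum(self.uses.values())
        return int(len(self.uses) > HAZARD_KINDS) + int(total > HAZARD_USES)

    def banned(self) -> bool:
        """'and/or' in the patent; this sketch bans when either threshold is exceeded."""
        return len(self.uses) > BAN_KINDS or sum(self.uses.values()) > BAN_USES


class SuspiciousDeviceDB:
    def __init__(self) -> None:
        self.records: Dict[str, DeviceRecord] = {}

    def process_session(self, device_id: str, detected: Iterable[str],
                        now: datetime) -> str:
        """`detected` is the list of plug-in kinds the feature-code scan
        matched for this login (empty when nothing matched)."""
        kinds = list(detected)
        rec = self.records.get(device_id)
        if rec is not None and rec.banned():
            return "rejected"                      # banned device: refuse login
        if rec is None:
            if not kinds:
                return "clean"                     # unknown device, nothing found
            rec = self.records[device_id] = DeviceRecord()   # step 402
        elif not kinds:
            # Step 303: known device, no match. Either it is clean or it runs
            # a plug-in whose features are not in the database yet, so watch harder.
            rec.supervision += 1
            return "watch"
        for kind in kinds:                         # step 204: update history
            rec.uses[kind] = rec.uses.get(kind, 0) + 1
        rec.last_use = now
        rec.supervision = max(rec.supervision, 1 + rec.hazard())   # step 205
        return "flagged"

    def prune(self, now: datetime) -> List[str]:
        """Remove devices whose most recent plug-in use is older than the window."""
        stale = [d for d, r in self.records.items()
                 if r.last_use is not None and now - r.last_use > STALE_AFTER]
        for d in stale:
            del self.records[d]
        return stale


if __name__ == "__main__":
    db = SuspiciousDeviceDB()
    dev = device_identifier(None, "constructed-guid", "constructed-salt")
    t0 = datetime(2020, 8, 26)
    print(db.process_session(dev, ["auto-aim", "full-view"], t0))
    print(db.process_session(dev, [], t0 + timedelta(days=1)))
    print(db.records[dev])
```

A clean session from a known device raises its supervision level but does not refresh `last_use`, so a device that stays clean is watched more closely at first and still ages out of the database once the retention window passes.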
Further, as a specific implementation of the method in fig. 1, an embodiment of the present application provides a device for detecting a game plug-in, and as shown in fig. 6, the device includes:
a suspicious device determining module 51, configured to determine whether a login device of a game account is a suspicious device when detecting that a game account logs in;
the plug-in data acquisition module 52 is configured to acquire first plug-in use data corresponding to the game account and second plug-in use data corresponding to the login device if the login device is a suspicious device;
the first supervision level determining module 53 is configured to determine a supervision level of the login device according to the first plug-in use data and the second plug-in use data, so as to track the plug-in program usage of the login device according to the supervision level.
In a specific application scenario, as shown in fig. 7, the suspicious device determining module 51 specifically includes:
a first device identifier obtaining unit 511, configured to obtain a device identifier of a login device, and query whether the device identifier belongs to a suspicious device identifier included in a suspicious device database;
the first suspicious device determining unit 512 is configured to determine that the logged device is a suspicious device if the device identifier belongs to the suspicious device identifier, and otherwise determine that the logged device is not a suspicious device.
In a specific application scenario, as shown in fig. 7, the first plug-in usage data includes a plug-in category, and the suspicious device database includes historical plug-in usage data of the suspicious device; the plug-in data obtaining module 52 specifically includes:
the plug-in program detection unit 521 is used for detecting whether the game account uses a plug-in program in the current login based on the plug-in program database;
a plug-in data obtaining unit 522, configured to, if the game account uses a plug-in program in the current login, obtain a plug-in type used by the current login of the game account and obtain, in the suspicious device database, historical plug-in usage data of the suspicious device that matches the device identifier of the login device, as second plug-in usage data.
In a specific application scenario, as shown in fig. 7, the second plug-in use data includes the plug-in types historically used and the number of times plug-ins were historically used by the login device, and the suspicious device database includes a supervision level of the login device; the first supervision level determining module 53 specifically includes:
the plug-in data updating unit 531 is configured to update historical plug-in usage data of the login device in the suspicious device database according to the type of the plug-in used by the current login of the game account, the type of the plug-in used in the history corresponding to the login device, and the number of times of using the plug-in used in the history;
and the supervision level determining unit 532 is configured to re-determine the supervision level of the login device according to the updated historical plug-in usage data corresponding to the login device.
In a specific application scenario, as shown in fig. 7, the suspicious device database further includes a supervision level of the suspicious device; the device also includes:
the second monitoring level determining module 54 is configured to, after detecting whether the plug-in program is used in the current login of the game account, obtain and raise the monitoring level corresponding to the login device in the suspicious device database if the plug-in program is not used in the current login of the game account.
In a specific application scenario, as shown in fig. 7, the suspicious device determining module 51 specifically includes:
a second device identifier obtaining unit 513, configured to obtain a device identifier of the login device, and query whether the device identifier belongs to a suspicious device identifier included in the suspicious device database;
a second suspicious device determining unit 514, configured to determine that the login device is not a suspicious device if the device identifier does not belong to the suspicious device identifier;
the device also includes:
and the database updating module 55 is configured to update the database of the suspicious device based on the type of the plug-in program used by the game account in the current login and the device identifier of the login device when it is detected that the plug-in program is used by the game account in the current login if the login device is not the suspicious device after determining whether the login device of the game account is the suspicious device.
In a specific application scenario, not shown in the figure, the device identifier obtaining unit 511 specifically includes:
an identifier obtaining subunit 5111, configured to obtain, through a preset function, a return value of a motherboard UUID (Universally Unique Identifier) of the login device;
a first identifier determining subunit 5112, configured to, if the motherboard UUID return value is a valid value, use the motherboard UUID return value as the device identifier of the login device;
the second identifier determining subunit 5113 is configured to, if the motherboard UUID return value is an invalid value, obtain a GUID (Globally Unique Identifier) of the login device, and determine the device identifier based on the GUID of the login device.
In a specific application scenario, as shown in fig. 7, the apparatus further includes:
the plug-in use time acquisition module 56 is used for acquiring the time at which any suspicious device in the suspicious device database most recently used a plug-in;
and the suspicious device removing module 57 is configured to remove any suspicious device from the suspicious device database if the time at which that suspicious device most recently used a plug-in is earlier than the preset time.
In a specific application scenario, as shown in fig. 7, the apparatus further includes:
the banned device determining module 58 is configured to, if the number of plug-in types historically used by any suspicious device in the suspicious device database is greater than a preset type threshold and/or the number of times that suspicious device has historically used plug-ins is greater than a preset count threshold, refuse game account login on that suspicious device.
In a specific application scenario, as shown in fig. 7, the apparatus further includes:
the IP information obtaining module 59 is configured to obtain IP information corresponding to a game account logged in on a suspicious device whose supervision level is greater than a preset level threshold;
and the target account number obtaining module 50 is configured to obtain a target game account number matched with the IP information according to the IP information, so as to track the usage status of the plug-in program of the target game account number.
It should be noted that other corresponding descriptions of the functional units related to the detection device for the game plug-in provided in the embodiment of the present application may refer to the corresponding descriptions in the methods in fig. 1 to fig. 5, and are not described herein again.
Based on the methods shown in fig. 1 to 5, correspondingly, an embodiment of the present application further provides a storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the method for detecting a game plug-in shown in fig. 1 to 5.
Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.), and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the implementation scenarios of the present application.
Based on the methods shown in fig. 1 to fig. 5 and the virtual device embodiments shown in fig. 6 and fig. 7, in order to achieve the above object, an embodiment of the present application further provides a computer device, which may specifically be a personal computer, a server, a network device, and the like, where the computer device includes a storage medium and a processor; a storage medium for storing a computer program; and a processor for executing a computer program to implement the method for detecting a game plug-in as shown in fig. 1 to 5.
Optionally, the computer device may also include a user interface, a network interface, a camera, Radio Frequency (RF) circuitry, sensors, audio circuitry, a WI-FI module, and so forth. The user interface may include a Display screen (Display), an input unit such as a keypad (Keyboard), etc., and the optional user interface may also include a USB interface, a card reader interface, etc. The network interface may optionally include a standard wired interface, a wireless interface (e.g., a bluetooth interface, WI-FI interface), etc.
It will be appreciated by those skilled in the art that the present embodiment provides a computer device architecture that is not limiting of the computer device, and that may include more or fewer components, or some components in combination, or a different arrangement of components.
The storage medium may further include an operating system and a network communication module. An operating system is a program that manages and maintains the hardware and software resources of a computer device, supporting the operation of information handling programs, as well as other software and/or programs. The network communication module is used for realizing communication among components in the storage medium and other hardware and software in the entity device.
Through the description of the above embodiments, those skilled in the art can clearly understand that the present application can be implemented by software plus a necessary general hardware platform, and can also be implemented by hardware. When a game account logs in, it is first determined whether the login device of the game account is a suspicious device that has previously used a plug-in program. Second, after the login device is determined to be a suspicious device, first plug-in usage data is obtained from the current game behavior of the game account, and second plug-in usage data corresponding to the login device is obtained. Finally, the monitoring level of the login device is determined by combining the first plug-in usage data corresponding to the current login of the game account with the second plug-in usage data corresponding to the historical game behavior of the login device. According to the embodiment of the application, a monitoring level is set for each suspicious device with a plug-in use record and is updated with the plug-in use data newly generated when a game account logs in on that device, so that anti-plug-in staff can monitor the game behavior of suspicious devices at different intensities according to the monitoring level. This narrows the scope of plug-in monitoring while allowing a quick response to plug-in programs, which improves the efficiency of responding to plug-in programs, improves game security and protects game balance.
Those skilled in the art will appreciate that the figures are merely schematic representations of one preferred implementation scenario and that the blocks or flow diagrams in the figures are not necessarily required to practice the present application. Those skilled in the art will appreciate that the modules in the devices in the implementation scenario may be distributed in the devices in the implementation scenario according to the description of the implementation scenario, or may be located in one or more devices different from the present implementation scenario with corresponding changes. The modules of the implementation scenario may be combined into one module, or may be further split into a plurality of sub-modules.
The above application serial numbers are for description purposes only and do not represent the superiority or inferiority of the implementation scenarios. The above disclosure is only a few specific implementation scenarios of the present application, but the present application is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present application.

Claims (13)

1. A method for detecting a game plug-in, comprising:
when detecting that a game account logs in, judging whether a login device of the game account is a suspicious device;
if the login device is a suspicious device, acquiring first plug-in use data corresponding to the game account and second plug-in use data corresponding to the login device;
and determining the supervision level of the login device according to the first plug-in use data and the second plug-in use data, so as to track the plug-in program usage of the login device according to the supervision level.
2. The method according to claim 1, wherein the determining whether the login device of the game account is a suspicious device specifically includes:
acquiring the equipment identifier of the login equipment, and inquiring whether the equipment identifier belongs to a suspicious equipment identifier contained in a suspicious equipment database;
and if the equipment identifier belongs to the suspicious equipment identifier, determining that the login equipment is the suspicious equipment.
3. The method of claim 2, wherein the first plug-in use data comprises a plug-in type, and wherein the suspicious device database comprises historical plug-in use data of the suspicious device; the acquiring of the first plug-in use data corresponding to the game account and the second plug-in use data corresponding to the login device specifically includes:
detecting whether the game account uses a plug-in program or not in the current login based on a plug-in program database;
if the game account uses a plug-in program in the current login, acquiring the plug-in type used by the current login of the game account and acquiring historical plug-in use data of the suspicious device matched with the device identifier of the login device in the suspicious device database as the second plug-in use data.
4. The method of claim 3, wherein the second plug-in use data comprises the plug-in types historically used and the number of times plug-ins were historically used by the login device, and the suspicious device database comprises a supervision level of the login device; the determining the supervision level of the login device according to the first plug-in use data and the second plug-in use data specifically includes:
updating historical plug-in use data of the login equipment in a suspicious equipment database according to the plug-in type used by the current login of the game account and the historical use plug-in type and the historical use plug-in times corresponding to the login equipment;
and re-determining the supervision level of the login equipment according to the updated historical plug-in use data corresponding to the login equipment.
5. The method of claim 3, wherein the suspicious device database further comprises a supervision level of the suspicious device; after detecting whether the game account uses the plug-in program in the current login, the method further comprises the following steps:
and if the game account is not found to use the plug-in program in the login, acquiring and raising the supervision level corresponding to the login device in the suspicious device database.
6. The method according to any one of claims 1 to 5, wherein the determining whether the login device of the game account is a suspicious device specifically includes:
acquiring the equipment identifier of the login equipment, and inquiring whether the equipment identifier belongs to a suspicious equipment identifier contained in a suspicious equipment database;
if the equipment identification does not belong to the suspicious equipment identification, determining that the login equipment is not the suspicious equipment;
after the step of judging whether the login device of the game account is a suspicious device, the method further includes:
if the login device is not the suspicious device, when it is detected that a plug-in program is used in the current login of the game account, the suspicious device database is updated based on the type of the plug-in program used in the current login of the game account and the device identifier of the login device.
7. The method according to any one of claims 2 to 5, wherein the obtaining the device identifier of the login device specifically includes:
obtaining a return value of a motherboard UUID (Universally Unique Identifier) of the login device through a preset function;
if the motherboard UUID return value is a valid value, taking the motherboard UUID return value as the device identifier of the login device;
if the motherboard UUID return value is an invalid value, acquiring a GUID (Globally Unique Identifier) of the login device, and determining the device identifier based on the GUID of the login device.
8. The method according to any one of claims 1 to 5, further comprising:
acquiring the time at which any suspicious device in a suspicious device database most recently used a plug-in;
and if the time at which any suspicious device most recently used a plug-in is earlier than the preset time, removing that suspicious device from the suspicious device database.
9. The method according to any one of claims 1 to 5, further comprising:
and if the number of plug-in types historically used by any suspicious device is greater than a preset type threshold and/or the number of times that suspicious device has historically used plug-ins is greater than a preset count threshold, refusing the login of the game account on that suspicious device.
10. The method according to any one of claims 1 to 5, further comprising:
acquiring IP information corresponding to a game account logged on suspicious equipment with a supervision level larger than a preset level threshold;
and acquiring the target game account matched with the IP information according to the IP information so as to track the use condition of the plug-in program of the target game account.
11. A device for detecting a game plug-in, comprising:
the suspicious device judging module is used for judging whether the login device of the game account is a suspicious device when the login of the game account is detected;
the plug-in data acquisition module is used for acquiring first plug-in use data corresponding to the game account and second plug-in use data corresponding to the login device if the login device is a suspicious device;
the first supervision level determining module is used for determining the supervision level of the login device according to the first plug-in use data and the second plug-in use data, so as to track the plug-in program usage of the login device according to the supervision level.
12. A storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method for detecting a game plug-in according to any one of claims 1 to 10.
13. A computer device comprising a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, wherein the processor implements the method for detecting a game plug-in according to any one of claims 1 to 10 when executing the computer program.
CN202010870148.6A 2020-08-26 2020-08-26 Game plug-in detection method and device, storage medium and computer equipment Active CN112090087B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202210404660.0A CN114904276A (en) 2020-08-26 2020-08-26 Game plug-in detection method and device, storage medium and computer equipment
CN202010870148.6A CN112090087B (en) 2020-08-26 2020-08-26 Game plug-in detection method and device, storage medium and computer equipment
PCT/CN2020/132089 WO2022041529A1 (en) 2020-08-26 2020-11-27 Game cheat detection method and apparatus, computer program, and readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010870148.6A CN112090087B (en) 2020-08-26 2020-08-26 Game plug-in detection method and device, storage medium and computer equipment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202210404660.0A Division CN114904276A (en) 2020-08-26 2020-08-26 Game plug-in detection method and device, storage medium and computer equipment

Publications (2)

Publication Number Publication Date
CN112090087A true CN112090087A (en) 2020-12-18
CN112090087B CN112090087B (en) 2022-05-06

Family

ID=73756601

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202010870148.6A Active CN112090087B (en) 2020-08-26 2020-08-26 Game plug-in detection method and device, storage medium and computer equipment
CN202210404660.0A Pending CN114904276A (en) 2020-08-26 2020-08-26 Game plug-in detection method and device, storage medium and computer equipment

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202210404660.0A Pending CN114904276A (en) 2020-08-26 2020-08-26 Game plug-in detection method and device, storage medium and computer equipment

Country Status (2)

Country Link
CN (2) CN112090087B (en)
WO (1) WO2022041529A1 (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1521421A2 (en) * 2003-04-16 2005-04-06 WMS Gaming Inc Layered security methods and apparatus in a gaming system environment
US20070105624A1 (en) * 2002-08-28 2007-05-10 Tyler Matthew G Online gaming cheating prevention system and method
US20080004107A1 (en) * 2006-07-03 2008-01-03 Igt Detecting and preventing bots and cheating in online gaming
JP2008012021A (en) * 2006-07-05 2008-01-24 Aruze Corp Game machine
CN104079525A (en) * 2013-03-25 2014-10-01 腾讯科技(深圳)有限公司 Method and server of preventing plug-in
CN108176053A (en) * 2018-01-04 2018-06-19 网易(杭州)网络有限公司 It plays plug-in detection method, device, server, client and storage medium
CN109865293A (en) * 2017-12-05 2019-06-11 上海花事电子商务有限公司 A kind of intelligent mobile game social platform anti-cheating system and method
CN110198310A (en) * 2019-05-20 2019-09-03 腾讯科技(深圳)有限公司 A kind of anti-cheat method of network behavior, device and storage medium
CN111311285A (en) * 2020-02-21 2020-06-19 深圳壹账通智能科技有限公司 Method, device, equipment and storage medium for preventing user from illegally logging in

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101370013A (en) * 2008-07-10 2009-02-18 诸松涛 Anti-cheater method for network game
CN105049418B (en) * 2015-06-17 2018-02-06 福建天晴数码有限公司 A kind of screen game logs in the method and system of account number
CN106953832B (en) * 2016-01-07 2020-04-07 福建天晴数码有限公司 Method and system for processing online game suspicious account
CN109589607A (en) * 2018-12-05 2019-04-09 北京瑞卓喜投科技发展有限公司 A kind of game anti-cheating method and game anti-cheating system based on block chain

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113407804A (en) * 2021-07-14 2021-09-17 杭州雾联科技有限公司 External hanging accurate marking and identifying method and device based on crawler
CN113407804B (en) * 2021-07-14 2023-06-16 杭州雾联科技有限公司 Crawler-based externally hung accurate marking and identifying method and device

Also Published As

Publication number Publication date
CN112090087B (en) 2022-05-06
CN114904276A (en) 2022-08-16
WO2022041529A1 (en) 2022-03-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant