CN112804686A - Risk identification method and device and storage medium - Google Patents
Risk identification method and device and storage medium Download PDFInfo
- Publication number
- CN112804686A CN112804686A CN202110085977.8A CN202110085977A CN112804686A CN 112804686 A CN112804686 A CN 112804686A CN 202110085977 A CN202110085977 A CN 202110085977A CN 112804686 A CN112804686 A CN 112804686A
- Authority
- CN
- China
- Prior art keywords
- application program
- application
- program
- risk
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 58
- 238000003860 storage Methods 0.000 title claims abstract description 22
- 230000006870 function Effects 0.000 description 14
- 238000004590 computer program Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 9
- 238000004422 calculation algorithm Methods 0.000 description 8
- 238000012545 processing Methods 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 5
- 238000012549 training Methods 0.000 description 5
- 238000001514 detection method Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000003066 decision tree Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000012954 risk control Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000011478 gradient descent method Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000000638 solvent extraction Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
Abstract
The application discloses a risk identification method, a risk identification device and a storage medium. The method comprises the following steps: and judging whether a system operated by the application program is cracked, if so, judging whether to connect the agent, and if so, identifying that the application program is risky. The embodiment provided by the application solves the problem that the risk of the application program cannot be identified in advance in the related art.
Description
Technical Field
The present application relates to the field of identity recognition technologies, and in particular, to a risk recognition method, apparatus, and storage medium.
Background
The modern society is a society with rapid development of information technology, and related technologies of mobile phone application programs (APP) are also rapidly developed. At present, a plurality of APP can bind a mobile phone number, a social number and even a payment account number related to economy, such as WeChat, Paibao, a bank card and the like. The risk of APP running is also increasing.
In the background art, the mainstream risk detection is processed in the background, and usually can be identified only after a dangerous event occurs, so that the delay in timeliness is large, and at present, there is no better way to prevent and identify the risk of the application program in advance.
Disclosure of Invention
The application provides a risk identification method, a risk identification device and a nonvolatile storage medium, which are used for solving the problem that the risk of an application program cannot be identified in advance in the related art.
According to an aspect of the present application, there is provided a risk identification method, including:
judging whether a system operated by the application program is cracked or not;
if the system is cracked, judging whether to connect the agent;
if the terminal is connected with the agent, the application program is identified to be at risk.
In some embodiments, the method further comprises:
if the system is not cracked, judging whether the running environment of the application program is a real machine environment or not;
if the terminal is in a real machine environment, detecting whether an SIM card is inserted into the terminal;
and if the SIM card is inserted, the safety of the application program is identified.
In some embodiments, the method further comprises:
if a simulator environment, the application is identified as risky.
In some embodiments, the method further comprises:
if no SIM card is inserted, the identification application is at risk.
In some embodiments, the method further comprises:
if the terminal is not connected with the agent, judging whether the use frequency meets a first preset condition or not based on the history of the application program;
and if the first preset condition is met, identifying that the program is safe.
In some embodiments, determining whether the frequency of use satisfies the first preset condition based on the history of the application includes:
and if the history record identifier use frequency of the application program is greater than or equal to the frequency threshold, judging that a first preset condition is met.
And if the history record identifier use frequency of the application program is less than the frequency threshold, judging that a first preset condition is met.
Wherein, the frequency comprises the number of times of use or the running time in the preset time.
In some embodiments, the method further comprises:
if the first preset condition is not met, judging whether the identifier of the terminal meets a second preset condition or not;
and if the second preset condition is met, identifying that the program is safe.
In some embodiments, determining whether the identifier of the terminal satisfies the second preset condition includes:
if the identifier of the terminal is in the preset list, judging that the identifier of the terminal meets a second preset condition;
and if the identifier of the terminal is not in the preset list, judging that the identifier of the terminal does not meet a second preset condition.
The preset list stores the identification of the common terminal.
In some embodiments, the method further comprises:
if the second preset condition is not met, it is identified that the program is at risk.
In some embodiments, the method further comprises:
and if the application program is at risk, closing at least part of the authority of the application program.
And if the application program is safe, opening the corresponding authority of the application program.
According to another aspect of the embodiments of the present invention, there is also provided a risk identification apparatus, including:
the first judgment module is configured to judge whether a system operated by the application program is cracked;
a second judgment module configured to judge whether to connect the agent if the system is cracked;
the first identification module is configured to identify that the application program is at risk if the terminal is connected with the proxy.
In some embodiments, the apparatus further comprises:
the third judgment module is configured to judge whether the running environment of the application program is a real machine environment if the system is not cracked;
the detection module is configured to detect whether the SIM card is inserted into the terminal if the terminal is in a real machine environment;
and the second identification module is configured to identify the safety of the application program if the SIM card is inserted.
In some embodiments, the apparatus further comprises:
a third identification module configured to identify that the application is at risk if it is a simulator environment.
In some embodiments, the apparatus further comprises:
a fourth identification module configured to identify that the application is at risk if the SIM card is not inserted.
In some embodiments, the apparatus further comprises:
the fourth judging module is configured to judge whether the use frequency meets a first preset condition or not based on the history of the application program if the terminal is not connected with the agent;
and the fifth identification module is configured to identify that the program is safe if the first preset condition is met.
In some embodiments, the apparatus further comprises:
the fifth judging module is configured to judge whether the identifier of the terminal meets a second preset condition or not if the first preset condition is not met;
and the sixth identification module is configured to identify that the program should be safe if a second preset condition is met.
In some embodiments, the apparatus further comprises:
a seventh identifying module configured to identify that the program should be at risk if the second preset condition is not satisfied.
In some embodiments, the apparatus further comprises:
the first processing module is configured to close at least part of the authority of the application program if the application program is at risk.
And the second processing module is configured to open the corresponding authority of the application program if the application program is safe.
According to another aspect of the embodiments of the present invention, there is also provided a non-volatile storage medium including a stored program, wherein the program controls a device in which the non-volatile storage medium is located to perform a risk identification method when running.
According to another aspect of the embodiments of the present invention, there is also provided a risk identification apparatus, including a processor and a memory, where the memory stores computer readable instructions, and the processor is configured to execute the computer readable instructions, where the computer readable instructions execute a risk identification method.
The safety of the running environment of the mobile phone of the user is comprehensively judged according to the information such as whether the system is cracked, whether the agent is connected, whether the terminal is a frequently-used device, whether the application program is frequently used, whether the SIM card is inserted and the like.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application. In the drawings:
FIG. 1 is a flow chart of a risk identification method provided according to an embodiment of the present disclosure;
FIG. 2 is a flow chart of a risk identification method provided according to an embodiment of the present application;
FIG. 3 is a flow chart of a risk identification method provided according to an embodiment of the present application; and
fig. 4 is a block diagram of a risk identification device provided according to an embodiment of the present application.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fig. 1 is a risk identification method provided according to an embodiment of the present disclosure, where the risk identification method shown in fig. 1 includes:
step S11, judging whether the system of the application program is cracked;
step S12, if the system is cracked, judging whether to connect the agent;
and step S13, if the terminal is connected with the agent, the application program is identified to be at risk.
Fig. 2 is a risk identification method provided according to an embodiment of the present disclosure, where the risk identification method shown in fig. 2 includes:
step S21, judging whether the system of the application program is cracked;
if the system is cracked, step S22 is performed, and if not cracked, step S23 is performed.
The detection system is broken, so called jail break/Root. And if the system is cracked, the iOS platform is called as jail crossing, and the Android platform is called as Root.
The methods for detecting whether the system is cracked are more, for example, whether the system runs common cracking software or not, and the names of the cracking software are stored in a software list in advance.
Step S22, judging whether to connect the agent;
if there is an agent, step S28 is performed, and if there is no agent, step S25 is performed.
In order to facilitate the packet capture analysis of the request content, the Http proxy is manually set to implement the request (mainly including the client proxy and the PC proxy).
Step S23, judging whether the running environment of the application program is a real machine environment;
if the environment is a genuine environment, the step S24 is performed, and if the environment is a non-genuine environment, the step S28 is performed.
Whether it is a real mobile phone or an emulator is mainly determined by calling related hardware such as a microphone.
Step S24, detecting whether the terminal is inserted with a SIM card;
if the SIM card is inserted, step S27 is executed.
If the SIM card is not inserted, step S28 is executed.
The process may identify whether the terminal has a physical SIM card inserted.
Step S25, judging whether the use frequency meets a first preset condition based on the history of the application program;
if the first predetermined condition is satisfied, go to step S27.
If the first preset condition is not satisfied, step S26 is executed.
This step is equivalent to verifying whether the application is a function that is commonly used by the user. The 6 functions of checking account, repayment, amount, point, payment and card occupy 92% of users obtained through big data training information.
Step S26, judging whether the terminal mark meets a second preset condition;
if the second predetermined condition is satisfied, go to step S27.
If the second predetermined condition is not satisfied, go to step S28.
The purpose of this process is to identify whether the terminal running the application is a device commonly used by the user. Recording the fingerprint of the device associated with the current account, and recording if the current device is not a frequently-used device (background judgment, for example, the first use is more than 1 month long than the current use, and the fingerprint is obtained in the last 20 continuous logins).
In some embodiments, determining whether the identifier of the terminal satisfies the second preset condition includes:
if the identifier of the terminal is in the preset list, judging that the identifier of the terminal meets a second preset condition;
and if the identifier of the terminal is not in the preset list, judging that the identifier of the terminal does not meet a second preset condition.
The preset list stores the identification of the common terminal.
In some embodiments, determining whether the frequency of use satisfies the first preset condition based on the history of the application includes:
and if the history record identifier use frequency of the application program is greater than or equal to the frequency threshold, judging that a first preset condition is met.
And if the history record identifier use frequency of the application program is less than the frequency threshold, judging that a first preset condition is met.
Wherein, the frequency comprises the number of times of use or the running time in the preset time.
And step S27, the application program is safe.
Step S29 is executed.
Step S28, identifying the application as risky.
Step S30 is executed.
And step S29, opening the corresponding authority of the application program.
And step S30, closing at least part of the authority of the application program.
The result of step 27 or step 28 may be transmitted to the terminal in JSON mode. JSON (JavaScript Object Notification) is a lightweight data exchange format. Easy to read and write by people. And is easy to be analyzed and generated by a machine. It is based on a subset of JavaScript Programming Language, Standard ECMA-2623rd Edition-Decumber 1999.
In the above embodiment, the statistics are obtained based on big data classification. The statistical process is briefly described below in terms of a decision tree and the ID3 algorithm.
The basic idea of the decision tree is to classify data based on attributes, starting from the attributes (or features) of the data, and based on the attributes, to classify different classes. The problem that the ID3 algorithm needs to solve is how to select features as criteria for partitioning a data set. In the ID3 algorithm, selecting the attribute with the largest information gain as the current characteristic to classify the data set; in addition, the ID3 algorithm needs to solve the problem of how to judge the end of the partition, which is ended when the target attribute is all one value when a certain classification is encountered or when the target attribute reaches a certain threshold.
Based on big data analysis and empirical data display, the most typical 6 features were selected for analysis:
jail crossing/Root: and if the system is cracked, the iOS platform is called as jail crossing, and the Android platform is called as Root.
Connecting the agent: in order to facilitate the packet capture analysis of the request content, the Http proxy is manually set to implement the request (mainly including the client proxy and the PC proxy).
The common equipment comprises: the device identification of the frequently-used device can be stored in a frequently-used device table, and whether the frequently-used device is used or not is judged based on the device identification; alternatively, a fingerprint of the device associated with the current account may be recorded, if the current device is not a commonly used device (background determination, for example, the fingerprint is recorded when the first use is more than 1 month long from the current time, and at the same time, the fingerprint is recorded when the last 20 consecutive logins are performed).
Common functions are as follows: the 6 functions of checking account, repayment, amount, point, payment and card account for 92% of users. Based on the statistics, it can be preset which functions are commonly used functions. The frequency or duration of use of the function by the user may also be stored.
With sim card: whether the sim card is inserted into the mobile phone currently.
Real machine environment: the mobile phone is a real mobile phone or a simulator, and is mainly judged by calling related hardware such as a microphone, and if the hardware is called, the mobile phone is judged to be a real mobile phone environment. If there are no hardware calls, a virtual machine or simulator environment is identified.
Part of the training data information is shown in table 1:
| login behavior | jail/Root crossing | Connection broker | General equipment | Common functions | Sim card | Real machine environment | Results |
| 1 | Is that | Is that | Is that | Whether or not | Is that | Is that | Secure |
| 2 | Whether or not | Is that | Is that | Whether or not | Is that | Is that | Secure |
| 3 | Is that | Whether or not | Is that | Is that | Whether or not | Is that | Is not safe |
| 4 | Whether or not | Whether or not | Whether or not | Is that | Whether or not | Is that | Secure |
| 5 | Is that | Is that | Whether or not | Whether or not | Whether or not | Whether or not | Is not safe |
| 6 | Whether or not | Is that | Whether or not | Whether or not | Is that | Is that | Secure |
| 7 | Is that | Whether or not | Whether or not | Whether or not | Is that | Is that | Secure |
TABLE 1
In the above embodiments, after identifying a safe environment or a risky environment, a corresponding response is made.
Fig. 3 is a flowchart of a risk identification method provided in an embodiment of the present disclosure, where the risk identification method shown in fig. 3 includes:
a training step, an identification step and a risk control step.
The training step comprises steps S31-S34, the identification step is S35, and the risk control step is S36.
Step S31, updating the algorithm parameters of the client;
the algorithm of the client is a big data algorithm required by statistics, such as a gradient descent method and a quasi-Newton method, which is not limited by the present disclosure.
Step S32, obtaining the user state;
the user state refers to the states of whether the system is cracked, whether functions are frequently used, whether an SIM card is inserted, whether the environment is real, whether equipment is frequently used, and the like.
Step S33, data reporting background;
and the client side sends the user state data to the server.
S34, continuously optimizing by using an ID3 algorithm based on the existing training data;
in this step, the data may be updated periodically.
Step S35, judging the reliability of the user login behavior;
in particular, the confidence level is a result of the above-described identifying environmental security or risk. And the client analyzes the JSON character string and calculates the reliability of the login by using App environment information after the login is finished.
And step S36, if the risk exists, shielding the risk function.
Dynamically controlling whether the service with the demand in the App is temporarily closed according to the credibility calculation result (safe/unsafe) so as to reduce the loss of economy and the like
Fig. 4 is a risk identification apparatus provided in an embodiment of the present invention, where the apparatus includes:
a first judging module 401 configured to judge whether a system in which the application program runs is cracked;
a second judging module 402 configured to judge whether to connect an agent if the system is cracked;
a first identification module 403 configured to identify that the application is at risk if the terminal connects to the agent.
In some embodiments, the apparatus further comprises:
the third judgment module is configured to judge whether the running environment of the application program is a real machine environment if the system is not cracked;
the detection module is configured to detect whether the SIM card is inserted into the terminal if the terminal is in a real machine environment;
and the second identification module is configured to identify the safety of the application program if the SIM card is inserted.
In some embodiments, the apparatus further comprises:
a third identification module configured to identify that the application is at risk if it is a simulator environment.
In some embodiments, the apparatus further comprises:
a fourth identification module configured to identify that the application is at risk if the SIM card is not inserted.
In some embodiments, the apparatus further comprises:
the fourth judging module is configured to judge whether the use frequency meets a first preset condition or not based on the history of the application program if the terminal is not connected with the agent;
and the fifth identification module is configured to identify that the program is safe if the first preset condition is met.
In some embodiments, the apparatus further comprises:
the fifth judging module is configured to judge whether the identifier of the terminal meets a second preset condition or not if the first preset condition is not met;
and the sixth identification module is configured to identify that the program should be safe if a second preset condition is met.
In some embodiments, the apparatus further comprises:
a seventh identifying module configured to identify that the program should be at risk if the second preset condition is not satisfied.
In some embodiments, the apparatus further comprises:
the first processing module is configured to close at least part of the authority of the application program if the application program is at risk.
And the second processing module is configured to open the corresponding authority of the application program if the application program is safe.
According to another aspect of the embodiments of the present invention, there is also provided a non-volatile storage medium including a stored program, wherein the program controls a device in which the non-volatile storage medium is located to perform a risk identification method when running.
According to another aspect of the embodiments of the present invention, there is also provided a risk identification apparatus, including a processor and a memory, where the memory stores computer readable instructions, and the processor is configured to execute the computer readable instructions, where the computer readable instructions execute a risk identification method.
The safety of the running environment of the mobile phone of the user is comprehensively judged according to the information such as whether the system is cracked, whether the agent is connected, whether the terminal is a frequently-used device, whether the application program is frequently used, whether the SIM card is inserted and the like.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory. The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (11)
1. A method for risk identification of an application, the method comprising:
judging whether a system operated by the application program is cracked or not;
if the system is cracked, judging whether the agent is connected or not;
and if the terminal is connected with the agent, identifying that the application program is risky.
2. The risk identification method of claim 1, further comprising:
if the system is not cracked, judging whether the running environment of the application program is a real machine environment or not;
if the terminal is in a real machine environment, detecting whether an SIM card is inserted into the terminal;
and if the SIM card is inserted, identifying the safety of the application program.
3. The method of claim 2, further comprising:
if a simulator environment, the application is identified as risky.
4. The method of claim 2, further comprising:
if no SIM card is inserted, the application is identified as risky.
5. The risk identification method of claim 1, further comprising:
if the terminal is not connected with the agent, judging whether the use frequency meets a first preset condition or not based on the history of the application program;
and if the first preset condition is met, identifying the safety of the program.
6. The method of claim 5, further comprising:
if the first preset condition is not met, judging whether the identifier of the terminal meets a second preset condition or not;
and if the second preset condition is met, identifying the safety of the program.
7. The method of claim 6, further comprising:
if the second predetermined condition is not met, the program is identified as risky.
8. The method according to any one of claims 1-7, further comprising:
if the application program is at risk, closing at least part of the authority of the application program;
and if the application program is safe, opening the corresponding authority of the application program.
9. A risk identification device, the device comprising:
the first judgment module is configured to judge whether a system operated by the application program is cracked;
a second judging module configured to judge whether the agent is connected if the system is cracked;
a first identification module configured to identify that the application is at risk if the terminal connects to a proxy.
10. A non-volatile storage medium, comprising a stored program, wherein the program when executed controls a device in which the non-volatile storage medium is located to perform the risk identification method of any one of claims 1 to 8.
11. A risk identification device comprising a processor and a memory, the memory having stored thereon computer-readable instructions, the processor being configured to execute the computer-readable instructions, wherein the computer-readable instructions when executed perform the risk identification method of any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110085977.8A CN112804686A (en) | 2021-01-22 | 2021-01-22 | Risk identification method and device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110085977.8A CN112804686A (en) | 2021-01-22 | 2021-01-22 | Risk identification method and device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112804686A true CN112804686A (en) | 2021-05-14 |
Family
ID=75811143
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110085977.8A Pending CN112804686A (en) | 2021-01-22 | 2021-01-22 | Risk identification method and device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112804686A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110131421A1 (en) * | 2009-12-02 | 2011-06-02 | Fabrice Jogand-Coulomb | Method for installing an application on a sim card |
| CN102915418A (en) * | 2012-05-28 | 2013-02-06 | 北京金山安全软件有限公司 | computer security protection method and device and computer |
| CN104966031A (en) * | 2015-07-01 | 2015-10-07 | 复旦大学 | Method for identifying permission-irrelevant private data in Android application program |
| US9614851B1 (en) * | 2014-02-27 | 2017-04-04 | Open Invention Network Llc | Security management application providing proxy for administrative privileges |
| CN108154026A (en) * | 2017-12-28 | 2018-06-12 | 成都卫士通信息产业股份有限公司 | Safety communicating method and system of the Root without intrusion are exempted from based on android system |
| CN111310183A (en) * | 2020-03-04 | 2020-06-19 | 深信服科技股份有限公司 | Software risk identification method, device, equipment, storage medium and system |
| CN111601304A (en) * | 2020-04-29 | 2020-08-28 | 上海伊邦医药信息科技有限公司 | Method for generating unique identification code of mobile terminal equipment for controlling security risk |
-
2021
- 2021-01-22 CN CN202110085977.8A patent/CN112804686A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110131421A1 (en) * | 2009-12-02 | 2011-06-02 | Fabrice Jogand-Coulomb | Method for installing an application on a sim card |
| CN102915418A (en) * | 2012-05-28 | 2013-02-06 | 北京金山安全软件有限公司 | computer security protection method and device and computer |
| US9614851B1 (en) * | 2014-02-27 | 2017-04-04 | Open Invention Network Llc | Security management application providing proxy for administrative privileges |
| CN104966031A (en) * | 2015-07-01 | 2015-10-07 | 复旦大学 | Method for identifying permission-irrelevant private data in Android application program |
| CN108154026A (en) * | 2017-12-28 | 2018-06-12 | 成都卫士通信息产业股份有限公司 | Safety communicating method and system of the Root without intrusion are exempted from based on android system |
| CN111310183A (en) * | 2020-03-04 | 2020-06-19 | 深信服科技股份有限公司 | Software risk identification method, device, equipment, storage medium and system |
| CN111601304A (en) * | 2020-04-29 | 2020-08-28 | 上海伊邦医药信息科技有限公司 | Method for generating unique identification code of mobile terminal equipment for controlling security risk |
Non-Patent Citations (2)
| Title |
|---|
| 徐小天 等: "《移动平台应用安全风险与防护方法研究》", 《华北电力技术》 * |
| 王欢: "《一种端到端的移动App动态防护体系实践》", 《中国新通信》 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3373626B1 (en) | Method and device for use in risk management of application information | |
| CN109087106B (en) | Wind control model training and wind control method, device and equipment for recognizing fraudulent use of secondary number-paying account | |
| CN108366045B (en) | Method and device for setting wind control scoring card | |
| TWI767879B (en) | Computer system-based online transaction risk identification method and device | |
| CN110417778B (en) | Access request processing method and device | |
| KR101743269B1 (en) | Method and apparatus of fraud detection by analysis of PC information and modeling of behavior pattern | |
| US10320841B1 (en) | Fraud score heuristic for identifying fradulent requests or sets of requests | |
| CN106656932A (en) | Business processing method and device | |
| KR101947757B1 (en) | Security management system for performing vulnerability analysis | |
| US11853433B2 (en) | Systems and methods for using an application control prioritization index | |
| CN109828780B (en) | Open source software identification method and device | |
| JP6282217B2 (en) | Anti-malware system and anti-malware method | |
| CN111522724A (en) | Abnormal account determination method and device, server and storage medium | |
| CN113051543A (en) | Cloud service security verification method and cloud service system in big data environment | |
| US20200012780A1 (en) | Composite challenge task generation and deployment | |
| CN112804686A (en) | Risk identification method and device and storage medium | |
| CN109598525B (en) | Data processing method and device | |
| KR102040227B1 (en) | Method and system for evaluating security effectiveness between device | |
| CN107229865B (en) | Method and device for analyzing Webshell intrusion reason | |
| CN115391224A (en) | Flow playback method and device, computer equipment and readable storage medium | |
| CN114298714A (en) | Account identity authentication method and device, electronic equipment and storage medium | |
| CN113055368A (en) | Web scanning identification method and device and computer storage medium | |
| CN110851822A (en) | Network download safety processing method and device | |
| CN109635078A (en) | O&M method and server based on conversational system | |
| CN115964582B (en) | Network security risk assessment method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210514 |
|
| RJ01 | Rejection of invention patent application after publication |