CN113254932A - Application program risk detection method and device, electronic equipment and medium - Google Patents

Publication number
CN113254932A
Authority
CN
China
Legal status
Granted
Application number
CN202110669011.9A
Other languages
Chinese (zh)
Other versions
CN113254932B (en)
Inventor
贾志军
朱鹏举
Current Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202110669011.9A
Publication of CN113254932A
Application granted
Publication of CN113254932B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The present disclosure provides a method, an apparatus, a device, a medium, and a product for risk detection of an application program, which relate to the field of computer technologies, and in particular, to the field of security and application compliance. The risk detection method of the application program comprises the following steps: determining the category of the application program based on the description information of the application program; determining a target detection strategy corresponding to the category from at least one detection strategy based on the category; processing the application program based on the target detection strategy to obtain detection data; and determining, based on the detection data, whether the application is at risk.

Description

Application program risk detection method and device, electronic equipment and medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to the field of security and application compliance, and more particularly, to a method and an apparatus for risk detection of an application program, an electronic device, a medium, and a program product.
Background
In the related art, it is generally required to detect whether an application has a risk. However, in the related art, when detecting whether an application program has a risk, the detection effect is not good, and it is difficult to meet the risk detection requirements in various scenarios.
Disclosure of Invention
The disclosure provides a risk detection method and apparatus for an application, an electronic device, a storage medium, and a program product.
According to an aspect of the present disclosure, there is provided a risk detection method for an application, including: determining the category of the application program based on the description information of the application program; determining a target detection strategy corresponding to the category from at least one detection strategy based on the category; processing the application program based on the target detection strategy to obtain detection data; determining whether the application is at risk based on the detection data.
According to another aspect of the present disclosure, there is provided a risk detection apparatus for an application, including a first determining module, a second determining module, a processing module, and a third determining module. The first determining module is configured to determine the category of the application program based on the description information of the application program; the second determining module is configured to determine, based on the category, a target detection policy corresponding to the category from at least one detection policy; the processing module is configured to process the application program based on the target detection policy to obtain detection data; and the third determining module is configured to determine whether the application program is at risk based on the detection data.
According to another aspect of the present disclosure, there is provided an electronic device including: at least one processor and a memory communicatively coupled to the at least one processor. Wherein the memory stores instructions executable by the at least one processor, the instructions being executable by the at least one processor to enable the at least one processor to perform the method for risk detection of an application program as described above.
According to another aspect of the present disclosure, there is provided a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the risk detection method of an application program described above.
According to another aspect of the present disclosure, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the risk detection method of an application as described above.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 schematically illustrates an application scenario of a risk detection method and apparatus for an application according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a risk detection method of an application according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a schematic diagram of a risk detection method of an application according to another embodiment of the present disclosure;
FIG. 4 schematically illustrates a schematic diagram of a risk detection method of an application according to another embodiment of the present disclosure;
FIG. 5 schematically shows a block diagram of a risk detection arrangement of an application according to an embodiment of the present disclosure; and
FIG. 6 is a block diagram of an electronic device for performing risk detection of an application used to implement an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
The embodiment of the disclosure provides a risk detection method for an application program. The risk detection method of the application program comprises the following steps: first, the category of the application program is determined based on the description information of the application program. Then, based on the category, a target detection policy corresponding to the category is determined from the at least one detection policy, and the application program is processed based on the target detection policy to obtain detection data. Next, based on the detection data, it is determined whether the application is at risk.
Fig. 1 schematically illustrates an application scenario of a risk detection method and apparatus for an application according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of an application scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, an application scenario 100 according to this embodiment may include application programs 101, 102, 103 and an electronic device 104.
The electronic device 104 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablets, laptop portable computers, desktop computers, servers, and the like. The electronic device 104 of the disclosed embodiment may run applications 101, 102, 103, for example.
It should be noted that the risk detection method for the application provided by the embodiment of the present disclosure may be executed by the electronic device 104. Accordingly, the risk detection device of the application provided by the embodiment of the present disclosure may be disposed in the electronic device 104.
The electronic device 104 may process the applications 101, 102, 103 in order to perform risk detection for the applications 101, 102, 103. For example, the electronic device 104 may run the applications 101, 102, 103 and determine whether the applications 101, 102, 103 are at risk based on the running results. Alternatively, the electronic device 104 may process the relevant files of the applications 101, 102, 103 to determine whether the applications 101, 102, 103 are at risk.
The embodiment of the present disclosure provides a risk detection method for an application program, and the following describes the risk detection method for an application program according to an exemplary embodiment of the present disclosure with reference to fig. 2 to 4 in combination with the application scenario of fig. 1. The risk detection method of the application program of the embodiment of the present disclosure may be performed by the electronic device 104 shown in fig. 1, for example.
Fig. 2 schematically shows a flow chart of a risk detection method of an application according to an embodiment of the present disclosure.
As shown in fig. 2, the risk detection method 200 of the application program of the embodiment of the present disclosure may include, for example, operations S210 to S240.
In operation S210, a category of the application is determined based on the description information of the application.
In operation S220, a target detection policy corresponding to the category is determined from the at least one detection policy based on the category.
In operation S230, the application is processed based on the target detection policy, resulting in detection data.
In operation S240, it is determined whether the application program is at risk based on the detection data.
Illustratively, the description information of the application includes, but is not limited to, the name of the application and profile information of the application. The category of the application can be known based on the description information of the application. The categories of applications may be divided by industry; for example, the categories include, but are not limited to, medical, educational, financial, Internet of Vehicles, and gaming.
For different categories of applications, different detection policies may be used to process the applications in order to detect whether the applications are at risk. For example, for a current application, a detection policy corresponding to the category of the current application is determined as a target detection policy from at least one detection policy stored in a policy repository based on the category of the current application, and the current application is processed based on the target detection policy. Each detection policy stored in the policy repository has, for example, a corresponding tag that indicates which categories of applications the detection policy applies to for risk detection. A detection policy can have a plurality of tags, each tag corresponding to one category.
Processing the current application based on the target detection policy may result in detection data, and then performing data analysis on the detection data may determine whether the application is at risk.
For example, the detection data may be processed based on a preset risk rule corresponding to the category of the application. The preset risk rule corresponding to each category may be different. Taking detection data that comprises data traffic as an example, the data traffic that indicates risk differs between categories of applications. For an application of a first category, data traffic exceeding a first threshold indicates that there is a risk, so the preset risk rule corresponding to the first category is, for example, that the data traffic exceeds the first threshold. For an application of a second category, data traffic exceeding a second threshold indicates that there is a risk, so the preset risk rule corresponding to the second category is, for example, that the data traffic exceeds the second threshold. The second threshold is, for example, different from the first threshold; that is, the preset risk rule corresponding to the first category is different from the preset risk rule corresponding to the second category.
It is to be appreciated that embodiments of the present disclosure process an application by employing different detection strategies for different categories after determining the category of the application in order to determine whether the application is at risk. Therefore, through the embodiment of the disclosure, different risk detections can be executed for different types of application programs, so that the risk detection effect is improved, and the detection requirements under different scenes are met.
Fig. 3 schematically illustrates a schematic diagram of a risk detection method of an application according to an embodiment of the present disclosure.
As shown in fig. 3, an embodiment of the present disclosure includes, for example, a plurality of applications 301, a policy repository 303, and a rule repository 307.
The plurality of applications 301 includes, for example, application A, application B, and application C, whose categories are, for example, category a, category b, and category c, respectively. The policy repository 303 includes, for example, at least a general policy set and a category policy set. The general policy set comprises, for example, detection policy t1 and detection policy t2, each of which is applicable to every category of application. The category policy set comprises, for example, detection policy t3, detection policy t4, and detection policy t5, which are applicable to category a, category b, and category c, respectively.
Taking application A as an example, the category of application A is determined to be category a based on the description information of application A. Then, based on category a, the detection policies corresponding to category a are determined from the policy repository 303. For example, all detection policies in the general policy set correspond to category a, and the detection policy t3 corresponding to category a is determined from the category policy set as a candidate detection policy. Then, all detection policies in the general policy set together with the candidate detection policy (detection policy t3) are taken as the target detection policy for application A.
Next, application A is processed based on the target detection policy, resulting in detection data 305. Then, a corresponding preset risk rule r1 is determined from the rule repository 307 based on category a, and the detection data 305 is processed using the preset risk rule r1 to obtain risk information 309, which characterizes whether application A is at risk. Different preset risk rules in the rule repository 307 are applicable, for example, to different categories of applications.
According to the embodiment of the disclosure, different detection strategies are configured for different classes of applications, and the corresponding detection strategies are utilized to process the corresponding classes of applications to obtain detection data. And then, whether the application program has risks is determined based on the detection data by utilizing the preset risk rules corresponding to the categories, so that the risks of the application program are detected in a targeted manner, and the accuracy of risk detection on the application programs of different categories is improved.
Fig. 4 schematically illustrates a schematic diagram of a risk detection method of an application according to another embodiment of the present disclosure.
As shown in fig. 4, an embodiment of the present disclosure includes, for example, a plurality of applications 401, a category identification model 402, a policy repository 403, a behavior trigger engine 404, a rule repository 407, and a rule engine 408.
The plurality of applications 401 includes, for example, application A, application B, and application C, whose categories are, for example, category a, category b, and category c, respectively. The policy repository 403 includes, for example, at least a general policy set, a category policy set, and a special policy set. The general policy set comprises, for example, detection policy t1 and detection policy t2, each of which is applicable to every category of application. The category policy set comprises, for example, detection policy t3, detection policy t4, and detection policy t5, which are applicable to category a, category b, and category c, respectively. The special policy set comprises, for example, detection policy t6; the detection policies in the special policy set are, for example, detection policies that are temporarily added according to actual conditions.
Taking application A as an example, the description information is processed by the trained category identification model 402 to obtain the category of the application; the category of application A is, for example, category a. The input of the trained category identification model 402 is, for example, the description information of the application, and the output is, for example, the category of the application.
In addition to determining the category of the application based on its description information, the category of the current application may be determined based on a plurality of applications and their corresponding categories stored in an intelligence repository. The categories of the applications in the intelligence repository are obtained, for example, by a crawler technique, and may be set in advance by a user. For example, the intelligence repository stores category a corresponding to application A and category b corresponding to application B; if the current application is application A, its category is acquired from the intelligence repository as category a.
Then, based on category a, the detection policies corresponding to category a are determined from the policy repository 403. For example, all detection policies in the general policy set correspond to category a, and the detection policy t3 corresponding to category a is determined from the category policy set as a candidate detection policy. Then, all detection policies in the general policy set together with the candidate detection policy (detection policy t3) are taken as the target detection policy for application A. If the special policy set has a detection policy corresponding to category a, that detection policy may be taken as a target detection policy for application A.
Next, the behavior trigger engine 404 is invoked based on the target detection policy, and application A is processed by the behavior trigger engine 404 based on the target detection policy, resulting in detection data 405. Then, a corresponding preset risk rule r1 is determined from the rule repository 407 based on category a, the rule engine 408 is invoked based on the preset risk rule r1, and the rule engine 408 processes the detection data 405 based on the preset risk rule r1 to obtain risk information 409, which characterizes whether application A is at risk. Different preset risk rules in the rule repository 407 are applicable, for example, to different categories of applications.
According to the embodiment of the disclosure, different detection strategies and preset risk rules are configured for different types of application programs, and whether the application programs have risks is determined according to the corresponding detection strategies and the corresponding preset risk rules, so that the risks of the application programs are detected in a targeted manner, and the risk detection method of the embodiment of the disclosure is suitable for performing risk detection on the different types of application programs.
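The selection flow of FIG. 3 and FIG. 4, as an added sketch that is not part of the patent text: an intelligence-repository lookup with a description-based fallback, policy selection from the general, category, and special sets by tag, and a per-category data-traffic threshold rule. The keyword classifier (standing in for the trained model), the tag on t6, the threshold values, the probe results, and the "undetermined" verdict for a category without a rule are all assumptions.

```python
from dataclasses import dataclass

ALL = "*"  # assumed tag encoding for "applies to every category"


@dataclass(frozen=True)
class Policy:
    name: str
    tags: frozenset  # categories this policy is labelled for


# Constructed policy repository mirroring t1..t6 in the description.
POLICY_REPO = {
    "general": [Policy("t1", frozenset({ALL})), Policy("t2", frozenset({ALL}))],
    "category": [Policy("t3", frozenset({"a"})), Policy("t4", frozenset({"b"})),
                 Policy("t5", frozenset({"c"}))],
    # The text does not say which category t6 serves; "b" is an assumption.
    "special": [Policy("t6", frozenset({"b"}))],
}

# Constructed rule repository: data-traffic threshold (bytes) per category.
RULE_REPO = {"a": 5_000_000, "b": 500_000}

# Constructed intelligence repository: known application -> category.
INTEL_REPO = {"App A": "a", "App B": "b"}

# Keyword lookup standing in for the trained category identification model.
KEYWORDS = {"a": ("clinic", "doctor"), "b": ("course", "tutor"),
            "c": ("loan", "bank")}

# Constructed traffic observed by each policy's probe, in bytes.
PROBES = {"t1": 300_000, "t2": 100_000, "t3": 200_000,
          "t4": 400_000, "t6": 50_000}


def determine_category(name, description):
    """Intelligence repository first, then the description classifier."""
    if name in INTEL_REPO:
        return INTEL_REPO[name]
    text = description.lower()
    scores = {c: sum(k in text for k in kws) for c, kws in KEYWORDS.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else None


def select_target_policies(category):
    """General policies plus category/special policies tagged for it."""
    target = list(POLICY_REPO["general"])
    for set_name in ("category", "special"):
        target += [p for p in POLICY_REPO[set_name] if category in p.tags]
    return [p.name for p in target]


def collect_detection_data(policy_names, probe_results):
    """Stand-in for the behavior trigger engine: only target policies run."""
    return {"data_traffic": sum(probe_results.get(p, 0) for p in policy_names)}


def assess(name, description, probe_results):
    category = determine_category(name, description)
    policies = select_target_policies(category)
    data = collect_detection_data(policies, probe_results)
    threshold = RULE_REPO.get(category)
    if threshold is None:
        # Assumption: no rule for the category is never reported as "no risk".
        verdict = "undetermined"
    else:
        verdict = "risk" if data["data_traffic"] > threshold else "no_risk"
    return {"category": category, "policies": policies,
            "verdict": verdict, **data}


if __name__ == "__main__":
    for app in (("App A", ""), ("App B", ""),
                ("App X", "Personal loan and bank transfers")):
        print(app[0], assess(app[0], app[1], PROBES))
```
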
In one example, the target detection policy corresponding to the category of the application includes, for example, running the application. Processing the application based on the target detection policy includes running the application to obtain running data and using the running data as the detection data. Determining whether the application is at risk based on the detection data includes, but is not limited to, the following examples.
For example, based on the detection data, it is determined whether permission to collect data was obtained while the application was running. If permission to collect data was not obtained while the application was running, the application is determined to be at risk. The collected data includes, but is not limited to, user information and other relevant information. For example, taking an application in the Internet of Vehicles category, the collected data includes, for example, personal information of the user and driving information of the vehicle. If the application collects data during operation without obtaining the user's authorization, the operation of the application does not comply with the relevant regulations, that is, the application is determined to be at risk.
For example, based on the detection data, it is determined whether a file for the application is displayed while the application is running. If the file for the application is not displayed while the application is running, the application is determined to be at risk. For example, taking an application in the education category, if the relevant files of the education institution are not displayed when the application is run (for example, when the user registers), the running of the application does not comply with the relevant regulations, that is, the application is determined to be at risk. The relevant files of the education institution include, for example, the institution's qualification files, teacher qualification files, and the like.
For example, based on the detection data, it is determined whether the data collected while the application is running is data that is prohibited from being collected. If the data collected while the application is running is determined to be data that is prohibited from being collected, the application is determined to be at risk. For example, some types of data are prohibited from being collected; if data of such a type is collected while the application is running, the running of the application does not comply with the relevant regulations, and the application is determined to be at risk.
In the embodiment of the disclosure, the operation data is obtained by operating the application programs, and for the application programs of different categories, the risk information existing in the application programs of different categories is determined based on the operation data. Therefore, the risk detection method is suitable for risk detection under different scenes by specifically detecting the risk of the application program.
In another example, the target detection policy corresponding to the category of the application includes, for example, processing a file of the application. Processing the application based on the target detection policy includes processing the file of the application to obtain qualification information in the file and using the qualification information as the detection data. If the qualification information is invalid, the application is determined to be at risk. For example, taking an application in the education category, the file of the application includes, for example, a qualification file of an education institution, a teacher qualification file, and the like. The file is processed to obtain the qualification information in it, and whether the application is at risk is determined based on the qualification information. For example, when the file is a picture, image recognition is performed on the picture to obtain the qualification information in the file, where the qualification information includes a validity period, and it is determined whether the current time is within the validity period. If the current time is not within the validity period, the qualification information is invalid, and the application is determined to be at risk.
In the embodiment of the disclosure, qualification information of the file is obtained by processing the file of the application program, and risk information of the application programs of different categories is determined based on the qualification information for the application programs of different categories. Therefore, the risk detection accuracy of the application programs of different classes is improved by detecting the risk of the application programs in a targeted manner.
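The three run-time checks and the qualification validity check described above, as an added sketch that is not part of the patent text. The event format, category profiles, data-type names, and recognized-text format are constructed for illustration; treating an unreadable validity period or an unprofiled category as a finding is an assumption.

```python
import re
from datetime import date

# Constructed per-category compliance profiles; all names are illustrative.
PROFILES = {
    "internet_of_vehicles": {
        "needs_consent": {"personal_info", "driving_info"},
        "required_docs": set(),
        "prohibited": {"biometric_template"},
    },
    "education": {
        "needs_consent": {"personal_info"},
        "required_docs": {"institution_qualification",
                          "teacher_qualification"},
        "prohibited": set(),
    },
}

PERIOD_RE = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})\s+to\s+(\d{4})-(\d{2})-(\d{2})")


def check_trace(category, trace):
    """Findings for one run; `trace` is a time-ordered list of event dicts."""
    profile = PROFILES.get(category)
    if profile is None:
        # Assumption: an unprofiled category is reported, not silently passed.
        return [f"no_profile:{category}"]
    consented, displayed, findings = set(), set(), []
    for ev in trace:
        kind = ev["event"]
        if kind == "consent":
            consented.add(ev["data_type"])
        elif kind == "display":
            displayed.add(ev["doc"])
        elif kind == "collect":
            dtype = ev["data_type"]
            if dtype in profile["prohibited"]:
                findings.append(f"prohibited_collection:{dtype}")
            elif dtype in profile["needs_consent"] and dtype not in consented:
                # Consent granted later in the trace does not cure this.
                findings.append(f"collection_without_consent:{dtype}")
    for doc in sorted(profile["required_docs"] - displayed):
        findings.append(f"document_not_displayed:{doc}")
    return findings


def qualification_valid(recognized_text, today):
    """True only if a validity period is found and `today` lies inside it."""
    m = PERIOD_RE.search(recognized_text)
    if not m:
        return False  # assumption: an unreadable period counts as invalid
    try:
        y1, m1, d1, y2, m2, d2 = map(int, m.groups())
        start, end = date(y1, m1, d1), date(y2, m2, d2)
    except ValueError:  # e.g. a misrecognized day such as 02-30
        return False
    return start <= today <= end


def is_at_risk(category, trace, recognized_docs, today):
    """Combine run-time findings with qualification-file findings."""
    findings = check_trace(category, trace)
    for name, text in sorted(recognized_docs.items()):
        if not qualification_valid(text, today):
            findings.append(f"qualification_invalid:{name}")
    return bool(findings), findings


# Constructed sample input.
VEHICLE_TRACE = [
    {"event": "collect", "data_type": "driving_info"},  # before consent
    {"event": "consent", "data_type": "driving_info"},
    {"event": "consent", "data_type": "personal_info"},
    {"event": "collect", "data_type": "personal_info"},
]
EDU_TRACE = [
    {"event": "consent", "data_type": "personal_info"},
    {"event": "display", "doc": "institution_qualification"},
    {"event": "collect", "data_type": "personal_info"},
]
EDU_DOCS = {"institution_qualification": "Valid: 2019-03-01 to 2022-02-28"}

if __name__ == "__main__":
    print(is_at_risk("internet_of_vehicles", VEHICLE_TRACE, {},
                     date(2022, 6, 1)))
    print(is_at_risk("education", EDU_TRACE, EDU_DOCS, date(2022, 6, 1)))
```
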
Fig. 5 schematically shows a block diagram of a risk detection arrangement of an application according to an embodiment of the present disclosure.
As shown in fig. 5, the risk detection apparatus 500 of the application program of the embodiment of the present disclosure includes, for example, a first determination module 510, a second determination module 520, a processing module 530, and a third determination module 540.
The first determination module 510 may be used to determine the category of the application based on the description information of the application. According to an embodiment of the present disclosure, the first determining module 510 may perform, for example, operation S210 described above with reference to fig. 2, which is not described herein again.
The second determination module 520 may be configured to determine a target detection policy corresponding to the category from the at least one detection policy based on the category. According to the embodiment of the present disclosure, the second determining module 520 may perform, for example, operation S220 described above with reference to fig. 2, which is not described herein again.
The processing module 530 may be configured to process the application based on the target detection policy to obtain detection data. According to the embodiment of the present disclosure, the processing module 530 may, for example, perform operation S230 described above with reference to fig. 2, which is not described herein again.
The third determination module 540 may be used to determine whether the application is at risk based on the detection data. According to an embodiment of the present disclosure, the third determining module 540 may, for example, perform operation S240 described above with reference to fig. 2, which is not described herein again.
According to an embodiment of the present disclosure, the at least one detection policy comprises a general policy set and a category policy set; the second determining module 520 includes a first determining submodule and a second determining submodule. The first determining submodule is used to determine, based on the category, a candidate detection policy corresponding to the category from the category policy set. The second determining submodule is used to take the detection policy in the general policy set and the candidate detection policy as the target detection policy.
According to an embodiment of the present disclosure, the target detection policy includes running the application; the processing module 530 is further configured to run the application to obtain operation data as the detection data.
According to an embodiment of the present disclosure, the third determining module 540 includes a third determining submodule and a fourth determining submodule. The third determining submodule is used to determine, based on the detection data, whether permission to acquire data is obtained in the process of running the application. The fourth determining submodule is used to determine that the application is at risk in response to determining that permission to acquire data is not obtained in the process of running the application.
According to an embodiment of the present disclosure, the third determining module 540 includes a fifth determining submodule and a sixth determining submodule. The fifth determining submodule is used to determine, based on the detection data, whether a file for the application is displayed in the process of running the application. The sixth determining submodule is used to determine that the application is at risk in response to determining that the file for the application is not displayed in the process of running the application.
According to an embodiment of the present disclosure, the third determining module 540 includes a seventh determining submodule and an eighth determining submodule. The seventh determining submodule is used to determine, based on the detection data, whether the data acquired in the process of running the application is data prohibited from being acquired. The eighth determining submodule is used to determine that the application is at risk in response to determining that the data acquired in the process of running the application is data prohibited from being acquired.
According to an embodiment of the present disclosure, the target detection policy includes processing a file of the application; the processing module 530 is further configured to process the file of the application to obtain qualification information in the file as the detection data; the third determining module 540 is further configured to determine that the application is at risk in response to the qualification information being invalid.
According to an embodiment of the present disclosure, the first determining module 510 is further configured to process the description information by using the trained category identification model to obtain the category of the application.
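The following is an added sketch, not code from the patent, of how modules 510 to 540 fit together and how the four risk determinations described above operate on detection data. The policy names, the prohibited-data table, the event format and the sample applications are all constructed assumptions, and the category identification model of module 510 is replaced by a pre-assigned category.

```python
from dataclasses import dataclass

# Hypothetical policy sets. The page only states that a general set and a
# category set exist; the members below are constructed for illustration.
GENERAL_POLICY_SET = ("run_application",)
CATEGORY_POLICY_SET = {
    "finance": ("process_file",),  # inspect qualification information in the app's file
    "tool": (),
}

# Hypothetical per-category table of data an application must not collect.
PROHIBITED_DATA = {"finance": {"contacts"}, "tool": {"location", "contacts"}}


@dataclass
class App:
    name: str
    category: str        # stands in for the output of module 510
    run_trace: list      # constructed runtime events: (kind, value)
    qualification: dict  # constructed qualification info taken from the app's file


def select_target_policies(category):
    """Module 520: general policies plus the candidate policies for the category."""
    candidates = CATEGORY_POLICY_SET.get(category, ())
    return list(GENERAL_POLICY_SET) + [p for p in candidates if p not in GENERAL_POLICY_SET]


def process(app, policies):
    """Module 530: apply each target policy to the app and collect detection data."""
    data = {}
    if "run_application" in policies:
        granted, collected, shown = set(), [], False
        for kind, value in app.run_trace:
            if kind == "permission_granted":
                granted.add(value)
            elif kind == "collect":
                # Record whether permission existed at the moment of collection,
                # so a grant that arrives later does not hide the violation.
                collected.append((value, value in granted))
            elif kind == "document_shown":
                shown = True
        data["run"] = {"collected": collected, "document_shown": shown}
    if "process_file" in policies:
        data["qualification"] = app.qualification
    return data


def assess(app, data):
    """Module 540: return a list of findings; a non-empty list means 'at risk'."""
    findings = []
    run = data.get("run")
    if run is not None:
        for item, had_permission in run["collected"]:
            if not had_permission:
                findings.append(f"collected {item} without permission")
            if item in PROHIBITED_DATA.get(app.category, set()):
                findings.append(f"collected prohibited data {item}")
        if not run["document_shown"]:
            findings.append("file for the application not shown")
    qual = data.get("qualification")
    if qual is not None and not qual.get("valid", False):
        findings.append("qualification information invalid")
    return findings


def detect(app):
    """Full pipeline: policy selection, processing, risk determination."""
    return assess(app, process(app, select_target_policies(app.category)))


# Constructed sample applications.
SAMPLE_APPS = [
    App("ledger", "finance",
        [("document_shown", "app_document"), ("permission_granted", "location"),
         ("collect", "location")],
        {"valid": True}),
    App("quickloan", "finance",
        [("collect", "contacts"), ("permission_granted", "contacts")],
        {"valid": False}),
    App("flashlight", "tool",
        [("document_shown", "app_document"), ("permission_granted", "location"),
         ("collect", "location")],
        {}),
]

if __name__ == "__main__":
    for app in SAMPLE_APPS:
        findings = detect(app)
        print(app.name, "AT RISK" if findings else "ok", findings)
```

Because the category decides which policies run, the constructed "flashlight" sample is never checked for qualification information, while the same location collection that is acceptable for "ledger" is flagged for it as prohibited data.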
In the technical solution of the present disclosure, the acquisition, storage, application and other handling of users' personal information all comply with the relevant laws and regulations and do not violate public order and good customs.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
FIG. 6 is a block diagram of an electronic device used to implement the risk detection of an application according to an embodiment of the present disclosure.
FIG. 6 illustrates a schematic block diagram of an example electronic device 600 that can be used to implement embodiments of the present disclosure. The electronic device 600 is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 6, the device 600 includes a computing unit 601, which can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 602 or a computer program loaded from a storage unit 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the device 600 can also be stored. The computing unit 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
A number of components in the device 600 are connected to the I/O interface 605, including: an input unit 606 such as a keyboard, a mouse, or the like; an output unit 607 such as various types of displays, speakers, and the like; a storage unit 608, such as a magnetic disk, optical disk, or the like; and a communication unit 609 such as a network card, modem, wireless communication transceiver, etc. The communication unit 609 allows the device 600 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The computing unit 601 may be any of a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 601 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 601 performs the respective methods and processes described above, such as the risk detection method of the application program. For example, in some embodiments, the risk detection method of an application may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 608. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 600 via the ROM 602 and/or the communication unit 609. When the computer program is loaded into the RAM 603 and executed by the computing unit 601, one or more steps of the above described method of risk detection of an application program may be performed. Alternatively, in other embodiments, the computing unit 601 may be configured by any other suitable means (e.g. by means of firmware) to perform the risk detection method of the application.
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include being implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, and which receives data and instructions from, and transmits data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. The program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine, or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server combined with a blockchain.
It should be understood that the various forms of flows shown above may be used with steps reordered, added, or deleted. For example, the steps described in this disclosure may be performed in parallel, sequentially, or in a different order, as long as the desired results of the technical solutions provided by this disclosure can be achieved, which is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (19)

1. A risk detection method of an application, comprising:
determining the category of the application program based on the description information of the application program;
determining a target detection policy corresponding to the category from at least one detection policy based on the category;
processing the application program based on the target detection policy to obtain detection data; and
determining whether the application is at risk based on the detection data.
2. The method of claim 1, wherein the at least one detection policy comprises a set of general policies and a set of category policies; the determining, based on the category, a target detection policy corresponding to the category from at least one detection policy comprises:
determining a candidate detection policy corresponding to the category from the category policy set based on the category; and
taking the detection policy in the general policy set and the candidate detection policy as the target detection policy.
3. The method of claim 1, wherein the target detection policy comprises running the application; the processing the application program based on the target detection policy to obtain detection data includes:
running the application program to obtain operation data as the detection data.
4. The method of claim 3, wherein the determining whether the application is at risk based on the detection data comprises:
determining whether permission to acquire data is obtained in the process of running the application program based on the detection data; and
determining that the application program is at risk in response to determining that the permission to acquire the data is not obtained in the process of running the application program.
5. The method of claim 3, wherein the determining whether the application is at risk based on the detection data comprises:
determining whether a file for the application program is displayed in the process of running the application program based on the detection data; and
determining that the application is at risk in response to determining that no file for the application is displayed in the course of running the application.
6. The method of claim 3, wherein the determining whether the application is at risk based on the detection data comprises:
determining whether the data collected in the process of running the application program is data prohibited from being collected based on the detection data; and
determining that the application is at risk in response to determining that the data collected during the running of the application is data prohibited from being collected.
7. The method of claim 1, wherein the target detection policy comprises processing a file of an application;
the processing the application program based on the target detection policy to obtain detection data includes: processing the file of the application program to obtain qualification information in the file as the detection data;
the determining whether the application is at risk based on the detection data comprises: determining that the application is at risk in response to the qualification information being invalid.
8. The method of any of claims 1-7, wherein the determining the category of the application based on the description information of the application comprises:
processing the description information by utilizing the trained category identification model to obtain the category of the application program.
9. A risk detection apparatus for an application, comprising:
a first determining module, configured to determine the category of the application program based on the description information of the application program;
a second determining module, configured to determine, based on the category, a target detection policy corresponding to the category from at least one detection policy;
a processing module, configured to process the application program based on the target detection policy to obtain detection data; and
a third determining module, configured to determine whether the application program is at risk based on the detection data.
10. The apparatus of claim 9, wherein the at least one detection policy comprises a set of general policies and a set of category policies; the second determining module includes:
a first determining sub-module, configured to determine, based on the category, a candidate detection policy corresponding to the category from the category policy set; and
a second determining sub-module, configured to take the detection policy in the general policy set and the candidate detection policy as the target detection policy.
11. The apparatus of claim 9, wherein the target detection policy comprises running the application; the processing module is further configured to:
run the application program to obtain operation data as the detection data.
12. The apparatus of claim 11, wherein the third determining module comprises:
a third determining sub-module, configured to determine, based on the detection data, whether permission to acquire data is obtained in the process of running the application program; and
a fourth determining sub-module, configured to determine that the application program is at risk in response to determining that the permission to acquire data is not obtained in the process of running the application program.
13. The apparatus of claim 11, wherein the third determining module comprises:
a fifth determining sub-module, configured to determine, based on the detection data, whether a file for the application program is displayed in the process of running the application program; and
a sixth determining sub-module, configured to determine that the application program is at risk in response to determining that the file for the application program is not displayed in the process of running the application program.
14. The apparatus of claim 11, wherein the third determining module comprises:
a seventh determining sub-module, configured to determine, based on the detection data, whether data acquired in the process of running the application is data prohibited from being acquired; and
an eighth determining sub-module, configured to determine that the application program is at risk in response to determining that the data acquired in the process of running the application program is data prohibited from being acquired.
15. The apparatus of claim 9, wherein the target detection policy comprises processing a file of an application;
the processing module is further configured to: process the file of the application program to obtain qualification information in the file as the detection data;
the third determining module is further configured to: determine that the application is at risk in response to the qualification information being invalid.
16. The apparatus of any of claims 9-15, wherein the first determining module is further configured to:
process the description information by utilizing the trained category identification model to obtain the category of the application program.
17. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-8.
18. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-8.
19. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1-8.
CN202110669011.9A 2021-06-16 2021-06-16 Application risk detection method and device, electronic equipment and medium Active CN113254932B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110669011.9A CN113254932B (en) 2021-06-16 2021-06-16 Application risk detection method and device, electronic equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110669011.9A CN113254932B (en) 2021-06-16 2021-06-16 Application risk detection method and device, electronic equipment and medium

Publications (2)

Publication Number Publication Date
CN113254932A (en) 2021-08-13
CN113254932B (en) 2024-02-27

Family

ID=77188266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110669011.9A Active CN113254932B (en) 2021-06-16 2021-06-16 Application risk detection method and device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN113254932B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113888181A (en) * 2021-10-25 2022-01-04 支付宝(杭州)信息技术有限公司 Business processing and risk detection strategy system construction method, device and equipment

Patent Citations (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080301765A1 (en) * 2007-05-31 2008-12-04 The Board Of Trustees Of The University Of Illinois Analysis of distributed policy rule-sets for compliance with global policy
CN102034058A (en) * 2010-11-25 2011-04-27 中国联合网络通信集团有限公司 Method for controlling safety of application software and terminal
CN104838630A (en) * 2012-10-10 2015-08-12 思杰系统有限公司 Policy-based application management
EP2907290A1 (en) * 2012-10-10 2015-08-19 Citrix Systems Inc. Policy-based application management
CN102917346A (en) * 2012-10-17 2013-02-06 浙江大学城市学院 Security policy management system and method for Android-based application program during operation
US20140245376A1 (en) * 2013-02-25 2014-08-28 Beyondtrust Software, Inc. Systems and methods of risk based rules for application control
WO2014133528A1 (en) * 2013-02-28 2014-09-04 Hewlett-Packard Development Company, L.P. Determining coverage of dynamic security scans using runtime and static code analyses
CN104216785A (en) * 2014-08-26 2014-12-17 烽火通信科技股份有限公司 Common policy task system and implementing method thereof
CN108509796A (en) * 2017-02-24 2018-09-07 中国移动通信集团公司 A kind of detection method and server of risk
US20190163813A1 (en) * 2017-11-27 2019-05-30 Promontory Financial Group Llc Data preprocessing using risk identifier tags
CN110197315A (en) * 2018-04-08 2019-09-03 腾讯科技(深圳)有限公司 Methods of risk assessment, device and its storage medium
CN112513846A (en) * 2018-05-22 2021-03-16 诺顿卫复客公司 System and method for controlling application startup based on security policy
CN109190374A (en) * 2018-07-25 2019-01-11 安徽三实信息技术服务有限公司 Application software safety detecting system and detection method in a kind of application system
CN111209575A (en) * 2018-11-22 2020-05-29 阿里巴巴集团控股有限公司 Data protection method, generation method, transmission method, device and storage medium
US20200285761A1 (en) * 2019-03-07 2020-09-10 Lookout, Inc. Security policy manager to configure permissions on computing devices
CN110198313A (en) * 2019-05-23 2019-09-03 新华三信息安全技术有限公司 A kind of method and device of strategy generating
US20200387843A1 (en) * 2019-06-08 2020-12-10 Trustarc Inc Risk management of processes utilizing personal data
CN110399302A (en) * 2019-07-26 2019-11-01 中国工商银行股份有限公司 Risk Identification Method, device, electronic equipment and the medium of Software Testing Project
CN112462921A (en) * 2019-09-09 2021-03-09 中兴通讯股份有限公司 Application program management method, device and storage medium
CN111753701A (en) * 2020-06-18 2020-10-09 百度在线网络技术(北京)有限公司 Violation detection method, device and equipment of application program and readable storage medium
CN111724069A (en) * 2020-06-22 2020-09-29 百度在线网络技术(北京)有限公司 Method, apparatus, device and storage medium for processing data
CN111737692A (en) * 2020-08-17 2020-10-02 腾讯科技(深圳)有限公司 Application program risk detection method and device, equipment and storage medium
CN112214418A (en) * 2020-12-04 2021-01-12 支付宝(杭州)信息技术有限公司 Application compliance detection method and device and electronic equipment
CN112685737A (en) * 2020-12-24 2021-04-20 恒安嘉新(北京)科技股份公司 APP detection method, device, equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王晖 等: "基于移动应用安全风险分析与策略的研究", 《电子技术与软件工程》, vol. 148, no. 2, pages 180 - 181 *

Also Published As

Publication number Publication date
CN113254932B (en) 2024-02-27

Similar Documents

Publication Publication Date Title
US8850517B2 (en) Runtime risk detection based on user, application, and system action sequence correlation
US11176248B2 (en) Remediation of security vulnerabilities in computer software
CN113408558A (en) Method, apparatus, device and medium for model verification
CN112818314A (en) Equipment detection method, device, equipment and storage medium
CN113254932B (en) Application risk detection method and device, electronic equipment and medium
US20140033097A1 (en) Method and apparatus of testing a computer program
CN112508005B (en) Method, apparatus, device and storage medium for processing image
CN113495825A (en) Line alarm processing method and device, electronic equipment and readable storage medium
CN110674050B (en) Memory out-of-range detection method and device, electronic equipment and computer storage medium
CN112348104A (en) Counterfeit program identification method, apparatus, device and storage medium
CN107291614B (en) File abnormity detection method and electronic equipment
CN113627526B (en) Vehicle identification recognition method and device, electronic equipment and medium
CN114492370A (en) Webpage identification method and device, electronic equipment and medium
CN115421831A (en) Method, device, equipment and storage medium for generating calling relation of activity component
CN114492364A (en) Same vulnerability judgment method, device, equipment and storage medium
CN113469732A (en) Content understanding-based auditing method and device and electronic equipment
CN114093006A (en) Training method, device and equipment of living human face detection model and storage medium
CN113221035A (en) Method, apparatus, device, medium, and program product for determining an abnormal web page
CN113032251A (en) Method, device and storage medium for determining service quality of application program
CN114677691B (en) Text recognition method, device, electronic equipment and storage medium
CN113239296B (en) Method, device, equipment and medium for displaying small program
CN115294536B (en) Violation detection method, device, equipment and storage medium based on artificial intelligence
CN114724370A (en) Traffic data processing method, traffic data processing device, electronic equipment and medium
CN114494788A (en) Image processing method, image processing apparatus, electronic device, and medium
CN116112245A (en) Attack detection method, attack detection device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant