CN113935040B - Information security evaluation system and method based on big data mobile terminal - Google Patents


Publication number
CN113935040B
Authority
CN
China
Prior art keywords
mobile terminal
virus
information
attack
viruses
Legal status
Active
Application number
CN202111035092.3A
Other languages
Chinese (zh)
Other versions
CN113935040A (en)
Inventor
曾幸钦
叶婷
刘惠玲
曾灶烟
郑华丽
孙培高
曾炽强
李树湖
Current Assignee
Shenzhen Lanchang Technology Co ltd
Original Assignee
Shenzhen Lanchang Technology Co ltd
Application filed by Shenzhen Lanchang Technology Co ltd
Priority to CN202111035092.3A
Publication of CN113935040A
Application granted
Publication of CN113935040B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/561 Virus type analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an information security evaluation system based on a big data mobile terminal, comprising: a mobile terminal state data acquisition module, which acquires state data of the mobile terminal in a first unit time; and a virus behavior monitoring module, which determines the number n of virus attacks on the mobile terminal in the first unit time and monitors the behavior state of the virus in the mobile terminal after each virus attack. The method and the system can detect the source, expression form and attack purpose of viruses, evaluate the information security of the mobile terminal, take the usage habits of the mobile terminal's owner into account, identify existing weak points from how the mobile terminal is used, and recommend the best protection software for the mobile terminal according to those weak points.

Description

Information security evaluation system and method based on big data mobile terminal
Technical Field
The invention relates to the technical field of mobile terminals, in particular to an information security evaluation system and method based on a big data mobile terminal.
Background
With the rapid development of computer technology and mobile Internet of Things technology, mobile terminals have brought great convenience to people. At the same time, viruses have been developed that can do great harm to mobile terminals, stealing information stored in them or monitoring their screen contents, with serious consequences for their users. Moreover, because the usage habits of mobile terminal users differ, the sources of the viruses that attack their mobile terminals differ, and the purposes for which those who deliver the viruses use them also differ, so users cannot accurately choose protection software according to their own needs.
In view of this, an information security evaluation system and method based on a big data mobile terminal is needed that can not only detect the source, expression form and attack purpose of viruses and evaluate the information security of the mobile terminal, but also take the usage habits of the mobile terminal's owner into account, identify existing weak points from how the mobile terminal is used, and recommend the best protection software for the mobile terminal according to those weak points.
Disclosure of Invention
The invention aims to provide an information security assessment system and method based on a big data mobile terminal, so as to solve the problems in the background technology.
In order to solve the technical problems, the invention provides the following technical scheme: an information security assessment system based on a big data mobile terminal, comprising:
the mobile terminal state data acquisition module acquires state data of the mobile terminal in a first unit time;
the virus behavior monitoring module judges the number n of times that the mobile terminal is attacked by viruses in a first unit time and monitors the behavior state of the viruses in the mobile terminal after each virus attack;
the virus characteristic analysis module is used for analyzing virus characteristics when each virus attack is performed, wherein the virus characteristics comprise virus sources, expression forms and attack purposes;
the mobile terminal information security level assessment module assesses the security level of the mobile terminal under the condition that the mobile terminal is attacked by viruses in a first unit time;
The mobile terminal weak point analysis module analyzes weak points of the mobile terminal according to the condition that the mobile terminal is attacked by viruses in a first unit time, searches out the weak points in the mobile terminal, stores the weak points, and recommends optimal protection software according to the obtained weak points.
The invention realizes the detection of the source and the attack purpose of viruses together through the cooperation of the modules, also realizes the information security assessment of the mobile terminal, and recommends the best protection software according to the assessment result.
Further, the mobile terminal state data in the mobile terminal state data acquisition module includes: the mobile terminal operation records, the time corresponding to each operation record, whether the mobile terminal has been attacked by a virus, and the time at which the mobile terminal was attacked by the virus.
The mobile terminal state data acquisition module acquires the state data of the mobile terminal in order to pin down the source of the virus and to determine the virus source and the weak points of the mobile terminal, in preparation for the later recommendation of the optimal protection software.
Further, when the virus behavior monitoring module monitors the behavior state of the virus in the mobile terminal after each virus attack, the behavior state of the virus is the way in which the virus damages the mobile terminal after attacking it, and includes: monitoring screen information of the mobile terminal and stealing information stored in the mobile terminal.
The virus behavior monitoring module monitors the behavior state of the virus in the mobile terminal and takes different countermeasures for different behavior states of the virus in the mobile terminal,
when the behavior state of the virus in the mobile terminal is that the screen information of the mobile terminal is monitored, the virus behavior monitoring module directly clears the virus, judges that the expression form of the virus is that the screen information of the mobile terminal is monitored, and the attack purpose of the virus is to acquire the screen information of the mobile terminal;
when the behavior state of the virus in the mobile terminal is that information stored in the mobile terminal is stolen, the virus behavior monitoring module tracks the path of the information stored in the mobile terminal which is stolen by the virus.
The virus behavior monitoring module monitors the behavior state of the virus in the mobile terminal after each virus attack so that the virus can be observed without the information in the mobile terminal actually being stolen or monitored by the virus's owner. Monitoring the virus makes it possible to analyze its attack purpose effectively, and tracking its behavior in the mobile terminal identifies the information the virus chiefly seeks when it attacks, which confirms where the mobile terminal's protection needs to be strengthened.
Further, the method for tracking the path of information stored in the mobile terminal by the virus behavior monitoring module comprises the following steps:
S1.1, determining the format of the stored information file that the virus is about to open in the mobile terminal;
S1.2, when the stored information file that the virus is about to open in step S1.1 is a folder, leaving the virus untouched, recording the name of the folder to be opened, and continuing to monitor the format of the stored information file that the virus is about to open;
S1.3, repeating step S1.2 until the stored information file to be opened in step S1.1 is in a format other than a folder, whereupon the virus behavior monitoring module clears the virus before the virus opens that stored information file;
S1.4, extracting the names of the opened folders recorded in step S1.2, together with the stored information file in a format other than a folder from step S1.3 and its location;
S1.5, determining the information position a1 that the virus intends to steal from, according to the names of the opened folders and the location of the non-folder stored information file extracted in step S1.4, and determining the information content type a2 that the virus intends to steal according to the content of that non-folder stored information file;
S1.6, according to the results a1 and a2 obtained in step S1.5, determining that the expression form of the virus is stealing stored information of the mobile terminal, and that the attack purpose of the virus is to acquire the information content type a2 at the information position a1 in the mobile terminal.
When the behavior state of the virus in the mobile terminal is stealing stored information, the monitoring method first determines whether the item to be opened is a folder. A folder only represents a path along which information is stored in the mobile terminal, whereas a file in any other format contains specific information and opening it would substantially affect the user. The format is therefore checked in advance, and the virus is cleared before it opens a file in a format other than a folder. Tracking the behavior of the virus in the mobile terminal makes it possible to determine effectively both the purpose of the attack and the weak points of the mobile terminal. The information content type a2 is obtained in order to analyze what information the virus wants and hence where the mobile terminal's protection should be directed. In addition, different information content types are given different risk coefficients when the mobile terminal's security is assessed: the more important the information content type is to the owner of the mobile terminal, the higher the corresponding risk coefficient.
Further, the method for judging the type a2 of the information content to be stolen by the virus according to the content of the stored information file to be opened in the format except the folder in the step S1.5 comprises the following steps:
S2.1, extracting the content of the stored file, in a format other than a folder, that is to be opened, and extracting keywords from that content, wherein the keywords comprise fixed fields, fixed-length digit combinations, or combinations of fixed-length digits and fixed text;
S2.2, matching the keywords extracted in step S2.1 against a prefabricated information content type database, wherein different information content types in the database correspond to different type numbers, the type number reflects the importance of the corresponding information content type, and the smaller the type number, the more important the corresponding information content type;
S2.3, when the number of successful matches between the extracted keywords and an information content type in the prefabricated information content type database is greater than or equal to a first preset value, determining that the stored file content contains that information content type;
S2.4, matching all extracted keywords against the prefabricated information content type database according to step S2.3, to obtain all information content types corresponding to the extracted keywords and their type numbers;
S2.5, taking all the information content types and corresponding type numbers obtained in step S2.4, and using the information content type with the smallest type number as the information content type a2 that the virus intends to steal.
When keywords are extracted, they are divided into fixed fields, fixed-length digit combinations, and combinations of fixed-length digits and fixed text. Fixed fields are fixed keywords. Fixed-length digit combinations cover information such as telephone numbers: the digits of a telephone number vary, but the number of digits is fixed, so telephone numbers can be extracted by their digit count. Combinations of fixed-length digits and fixed text cover keywords such as dates, for example 28 July 2021 written with year, month and day markers: the digits vary but their count is fixed, and the text part is fixed, so such keywords can be screened out in this way. When matching information content types, the first preset value is set to prevent misjudgment caused by the accidental occurrence of a keyword, which improves matching efficiency.
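The following Python sketch of steps S2.1 to S2.5 is an added example, not code from the patent. The type database, its type numbers, the keyword patterns, the sample file and all function names are constructed for illustration, and counting keyword hits per content type is one reading of step S2.3.

```python
import re

# Constructed stand-in for the "prefabricated information content type
# database" of step S2.2: (type number, content type, keyword patterns).
# A smaller type number means a more important content type.
TYPE_DB = [
    (1, "payment credentials", [
        r"card number", r"cvv",          # fixed fields
        r"(?<!\d)\d{16}(?!\d)",          # fixed-length digit combination (16)
    ]),
    (2, "contacts", [
        r"mobile",                       # fixed field
        r"(?<!\d)\d{11}(?!\d)",          # fixed-length digit combination (11)
    ]),
    (3, "schedule", [
        r"meeting",                      # fixed field
        r"\d{4}年\d{2}月\d{2}日",         # fixed-length digits + fixed text (date)
    ]),
]

# Constructed content of a non-folder file the virus was about to open.
SAMPLE_FILE = (
    "Team list\n"
    "Li Wei mobile 13800000001\n"
    "Zhang Min mobile 13800000002\n"
    "Next meeting 2021年07月28日\n"
    "Card number for refunds: ask finance\n"
)


def extract_keywords(text):
    """S2.1/S2.2: return {type number: [keywords matched for that type]}."""
    hits = {}
    for number, _name, patterns in TYPE_DB:
        found = []
        for pattern in patterns:
            found.extend(re.findall(pattern, text, flags=re.IGNORECASE))
        hits[number] = found
    return hits


def contained_types(text, first_preset):
    """S2.3/S2.4: types whose match count reaches the first preset value."""
    hits = extract_keywords(text)
    return {number: name for number, name, _patterns in TYPE_DB
            if len(hits[number]) >= first_preset}


def content_type_a2(text, first_preset=2):
    """S2.5: the contained type with the smallest type number, or None."""
    found = contained_types(text, first_preset)
    if not found:
        return None
    number = min(found)
    return number, found[number]


if __name__ == "__main__":
    print(extract_keywords(SAMPLE_FILE))
    print(content_type_a2(SAMPLE_FILE))
```

With a first preset value of 2, the single stray "Card number" keyword does not make the file count as payment credentials; lowering the value to 1 lets that one accidental hit decide a2.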
Furthermore, when the virus characteristic analysis module analyzes the virus characteristic, the expression form and the attack purpose of the virus are directly obtained by the virus behavior monitoring module, the virus source is analyzed by the state data of the mobile terminal in the mobile terminal state data acquisition module,
the method for analyzing the virus source in the virus characteristics by the virus characteristic analysis module comprises the following steps:
S3.1, acquiring, from the state data of the mobile terminal, the mobile terminal operation records, the time corresponding to each operation record, whether the mobile terminal has been attacked by a virus, and the time at which the mobile terminal was attacked by the virus;
S3.2, taking the time point t at which the mobile terminal was attacked by the virus and subtracting a second preset value t2 from it, the result t-t2 being the start time for examining the mobile terminal operation records, wherein the second preset value t2 is the maximum interval between an improper operation of the mobile terminal and the virus attack, and screening out all mobile terminal operation records whose corresponding time is greater than or equal to t-t2 and less than or equal to t;
S3.3, the virus characteristic analysis module analyzing and checking, one by one, the contents of all the mobile terminal operation records screened out in step S3.2 to determine whether the virus can be detected, and, if the virus is detected, taking the content of that mobile terminal operation record as the virus source of the virus and storing it;
S3.4, if the virus is not detected, starting from time t-t2, analyzing and checking the contents of the corresponding mobile terminal operation records one by one in order from latest to earliest until the virus is detected, taking the content of that mobile terminal operation record as the virus source of the virus, and storing it.
To obtain the virus source, the virus characteristic analysis module acquires the time point t at which the mobile terminal was attacked by the virus, the preset maximum interval between an improper operation of the mobile terminal and the virus attack, the mobile terminal operation records in the state data of the mobile terminal, and the time corresponding to each operation record. The time point t and the preset maximum interval lock down the time period in which the virus attack may have arisen; the mobile terminal operation records in that period are then extracted and screened one by one until the virus source is pinned down. Detection starts from t-t2 because there is an interval before a virus attacks; setting the interval t2 speeds up the screening of virus sources and improves detection efficiency.
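The window-then-fallback search of steps S3.2 to S3.4 can be sketched as follows; this is an added example, not code from the patent. The operation records, the times, the function name and the toy detector are constructed, the detector stands in for whatever scanning the analysis module performs, and scanning the window newest-first is an assumption because step S3.3 does not fix an order.

```python
from datetime import datetime, timedelta

# Constructed operation records: (time of operation, content of the record).
SAMPLE_RECORDS = [
    (datetime(2021, 7, 28, 8, 0), "install apk from forum link"),
    (datetime(2021, 7, 28, 10, 0), "open news app"),
    (datetime(2021, 7, 28, 11, 30), "tap link in SMS"),
    (datetime(2021, 7, 28, 12, 30), "open gallery"),   # after the attack
]
ATTACK_TIME = datetime(2021, 7, 28, 12, 0)             # t
MAX_INTERVAL = timedelta(hours=2)                      # t2 (second preset value)


def toy_detect(content):
    """Hypothetical detector: True if this record's content carries the virus."""
    return content in {"tap link in SMS", "install apk from forum link"}


def trace_virus_source(records, t, t2, detect):
    """Return the operation record identified as the virus source, or None."""
    start = t - t2
    newest_first = sorted(records, key=lambda r: r[0], reverse=True)

    # S3.2: keep only records with t - t2 <= time <= t (both ends inclusive).
    window = [r for r in newest_first if start <= r[0] <= t]

    # S3.3: check each record in the window.
    for when, content in window:
        if detect(content):
            return {"source": content, "time": when, "step": "S3.3"}

    # S3.4: nothing found in the window, so walk back from t - t2,
    # latest record first, until the virus is detected.
    for when, content in newest_first:
        if when < start and detect(content):
            return {"source": content, "time": when, "step": "S3.4"}

    return None  # no record in the log explains the attack


if __name__ == "__main__":
    print(trace_virus_source(SAMPLE_RECORDS, ATTACK_TIME, MAX_INTERVAL, toy_detect))
```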
Further, the mobile terminal information security level evaluation module evaluates the security level of the mobile terminal according to the virus attacks on the mobile terminal in the first unit time.
Before the security level of the mobile terminal is evaluated, the number n of virus attacks on the mobile terminal in the first unit time and, for each virus attack, the virus source, expression form and attack purpose among the virus characteristics must be obtained.
The content of the mobile terminal operation record identified as the virus source is matched against a first database to obtain its corresponding risk coefficient b1; the number n1 of virus attacks whose virus source is the same as this virus's is counted; b1 is multiplied by the quotient of n1 and n, and the result c1 is taken as the final virus source risk coefficient of the virus.
The two virus expression forms, monitoring screen information of the mobile terminal and stealing stored information of the mobile terminal, are matched against a second database to obtain the risk coefficient b2 corresponding to each expression form; the number n2 of virus attacks whose expression form is the same as this virus's is counted; b2 is multiplied by the quotient of n2 and n, and the result c2 is taken as the final expression form risk coefficient of the virus.
The information content type a2 at the information position a1 in the mobile terminal, as given by the attack purpose of the virus, is matched against a third database to obtain the corresponding risk coefficient b3 of the attack purpose; the number n3 of virus attacks whose attack purpose is the same as this virus's is counted; b3 is multiplied by the quotient of n3 and n, and the result c3 is taken as the final attack purpose risk coefficient of the virus.
For each virus that attacked the mobile terminal, the corresponding c1, c2 and c3 are multiplied to obtain the risk degree of that virus; the risk degrees of all viruses that attacked the mobile terminal are then added to obtain the risk degree d of the mobile terminal in the first unit time.
d is compared with the risk degree threshold intervals corresponding to the security levels of the mobile terminal, and the security level whose risk degree threshold interval contains d is obtained.
In evaluating the security level of the mobile terminal, the mobile terminal information security level evaluation module obtains the number n of virus attacks on the mobile terminal in the first unit time and the virus source, expression form and attack purpose of each virus attack, calculates c1, c2 and c3, derives the risk degree d of the mobile terminal in the first unit time, and obtains the mobile terminal's security level from the risk degree threshold interval to which d belongs. b1 is multiplied by the quotient of n1 and n because each mobile terminal user's usage differs, so the share of the n virus attacks in the first unit time that comes from a given virus source differs from terminal to terminal; the higher that share, the greater the harm that virus source does to the mobile terminal. Multiplying b1 by the quotient of n1 and n therefore gives the final virus source risk coefficient c1 of the virus relative to this mobile terminal.
Furthermore, the mobile terminal weak point analysis module obtains, from the mobile terminal information security level evaluation module, the b1, c3 and b3 corresponding to each virus that attacked the mobile terminal.
The quotient f1 of c1 and b1 and the quotient f3 of c3 and b3 are calculated for each attack, and the maximum values of f1 and f3 are found. The virus source e1 corresponding to the maximum f1 and the virus attack purpose e3 corresponding to the maximum f3 are the weak points of the mobile terminal. The protection rankings of existing protection software for e1 and e3 are then compared, and software ranked within a third preset value in the protection rankings for e1 and e3 is taken as the optimal protection software.
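The scoring and weak-point calculation described above, worked through in Python as an added example that is not part of the patent. Every coefficient, threshold interval, attack record, ranking and product name below is constructed, and requiring a product to rank within the third preset value for both e1 and e3 is one reading of the text.

```python
import math
from collections import Counter

# Constructed stand-ins for the first, second and third databases.
B1_SOURCE = {"sideloaded app": 0.8, "sms link": 0.5}
B2_FORM = {"steal stored information": 0.8, "monitor screen": 0.6}
B3_PURPOSE = {"contacts in /sdcard/backup": 0.5,
              "payment data in /sdcard/docs": 1.0,
              "screen information": 0.4}
# Constructed risk threshold intervals: [low, high) -> security level.
LEVELS = [(0.0, 0.05, "level 1"), (0.05, 0.2, "level 2"),
          (0.2, math.inf, "level 3")]
# Constructed protection rankings per weak point (best product first).
RANKINGS = {"sideloaded app": ["Product A", "Product B", "Product C"],
            "contacts in /sdcard/backup": ["Product B", "Product D", "Product A"]}

# Constructed attacks observed in the first unit time (n = 4).
ATTACKS = [
    {"source": "sideloaded app", "form": "steal stored information",
     "purpose": "contacts in /sdcard/backup"},
    {"source": "sideloaded app", "form": "steal stored information",
     "purpose": "contacts in /sdcard/backup"},
    {"source": "sms link", "form": "monitor screen",
     "purpose": "screen information"},
    {"source": "sideloaded app", "form": "steal stored information",
     "purpose": "payment data in /sdcard/docs"},
]


def score_attacks(attacks):
    """Compute c1, c2, c3 and the per-attack risk (c1 * c2 * c3)."""
    n = len(attacks)
    n1 = Counter(a["source"] for a in attacks)
    n2 = Counter(a["form"] for a in attacks)
    n3 = Counter(a["purpose"] for a in attacks)
    rows = []
    for a in attacks:
        b1, b2, b3 = (B1_SOURCE[a["source"]], B2_FORM[a["form"]],
                      B3_PURPOSE[a["purpose"]])
        c1 = b1 * n1[a["source"]] / n
        c2 = b2 * n2[a["form"]] / n
        c3 = b3 * n3[a["purpose"]] / n
        rows.append({**a, "b1": b1, "b3": b3, "c1": c1, "c2": c2, "c3": c3,
                     "risk": c1 * c2 * c3})
    return rows


def risk_degree(rows):
    """d: sum of the per-attack risks in the first unit time."""
    return sum(r["risk"] for r in rows)


def security_level(d):
    """Map d to the level whose threshold interval contains it."""
    for low, high, level in LEVELS:
        if low <= d < high:
            return level
    raise ValueError("risk degree outside all threshold intervals")


def weak_points(rows):
    """e1/e3: source and purpose with the largest f1 = c1/b1, f3 = c3/b3."""
    if not rows:
        return None, None
    e1 = max(rows, key=lambda r: r["c1"] / r["b1"])["source"]
    e3 = max(rows, key=lambda r: r["c3"] / r["b3"])["purpose"]
    return e1, e3


def recommend(e1, e3, rankings, third_preset):
    """Products ranked within the third preset value for both e1 and e3."""
    top_e3 = set(rankings.get(e3, [])[:third_preset])
    return [p for p in rankings.get(e1, [])[:third_preset] if p in top_e3]


if __name__ == "__main__":
    rows = score_attacks(ATTACKS)
    d = risk_degree(rows)
    e1, e3 = weak_points(rows)
    print(d, security_level(d), e1, e3, recommend(e1, e3, RANKINGS, 2))
```

Because c1 is b1 multiplied by n1/n, the quotient f1 reduces to n1/n, so the weak points are simply the most frequent virus source and attack purpose, independent of their risk coefficients.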
An information security assessment method based on a big data mobile terminal comprises the following steps:
S1, acquiring state data of the mobile terminal in a first unit time through the mobile terminal state data acquisition module;
S2, determining, through the virus behavior monitoring module, the number n of virus attacks on the mobile terminal in the first unit time, and monitoring the behavior state of the virus in the mobile terminal after each virus attack;
S3, analyzing, through the virus characteristic analysis module, the virus characteristics of each virus attack, wherein the virus characteristics comprise virus source, expression form and attack purpose;
S4, evaluating, through the mobile terminal information security level evaluation module, the security level of the mobile terminal according to the virus attacks on the mobile terminal in the first unit time;
S5, analyzing, through the mobile terminal weak point analysis module, the weak points of the mobile terminal according to the virus attacks on the mobile terminal in the first unit time, finding and storing the weak points, and recommending the optimal protection software according to the weak points obtained.
Compared with the prior art, the invention has the following beneficial effects: the method and the system can detect the source, expression form and attack purpose of viruses, evaluate the information security of the mobile terminal, take the usage habits of the mobile terminal's owner into account, identify existing weak points from how the mobile terminal is used, and recommend the best protection software for the mobile terminal according to those weak points.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention. In the drawings:
FIG. 1 is a schematic diagram of the information security assessment system based on a big data mobile terminal;
FIG. 2 is a schematic flow chart of a method for tracking information stored in a mobile terminal by a virus behavior monitoring module in an information security evaluation system based on a big data mobile terminal;
FIG. 3 is a flow chart of the method by which the virus behavior monitoring module, in the information security evaluation system based on a big data mobile terminal, judges the information content type a2 to be stolen by the virus according to the content of the stored information file, in a format other than a folder, that is to be opened;
FIG. 4 is a flow chart of an information security assessment method based on a big data mobile terminal.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to FIGS. 1-4, the present invention provides the following technical solutions: an information security assessment system based on a big data mobile terminal, comprising:
the mobile terminal state data acquisition module acquires state data of the mobile terminal in a first unit time;
the virus behavior monitoring module judges the number n of times that the mobile terminal is attacked by viruses in a first unit time and monitors the behavior state of the viruses in the mobile terminal after each virus attack;
the virus characteristic analysis module is used for analyzing virus characteristics when each virus attack is performed, wherein the virus characteristics comprise virus sources, expression forms and attack purposes;
the mobile terminal information security level assessment module assesses the security level of the mobile terminal under the condition that the mobile terminal is attacked by viruses in a first unit time;
the mobile terminal weak point analysis module analyzes weak points of the mobile terminal according to the condition that the mobile terminal is attacked by viruses in a first unit time, searches out the weak points in the mobile terminal, stores the weak points, and recommends optimal protection software according to the obtained weak points.
The invention realizes the detection of the source and the attack purpose of viruses together through the cooperation of the modules, also realizes the information security assessment of the mobile terminal, and recommends the best protection software according to the assessment result.
The mobile terminal state data in the mobile terminal state data acquisition module includes: the mobile terminal operation records, the time corresponding to each operation record, whether the mobile terminal has been attacked by a virus, and the time at which the mobile terminal was attacked by the virus.
The mobile terminal state data acquisition module acquires the state data of the mobile terminal in order to pin down the source of the virus and to determine the virus source and the weak points of the mobile terminal, in preparation for the later recommendation of the optimal protection software.
When the virus behavior monitoring module monitors the behavior state of the virus in the mobile terminal after each virus attack, the behavior state of the virus is the way in which the virus damages the mobile terminal after attacking it, and includes: monitoring screen information of the mobile terminal and stealing information stored in the mobile terminal.
The virus behavior monitoring module monitors the behavior state of the virus in the mobile terminal and takes different countermeasures for different behavior states of the virus in the mobile terminal:
when the behavior state of the virus in the mobile terminal is that the screen information of the mobile terminal is monitored, the virus behavior monitoring module directly clears the virus, judges that the expression form of the virus is that the screen information of the mobile terminal is monitored, and the attack purpose of the virus is to acquire the screen information of the mobile terminal;
when the behavior state of the virus in the mobile terminal is that information stored in the mobile terminal is stolen, the virus behavior monitoring module tracks the path of the information stored in the mobile terminal which is stolen by the virus.
The virus behavior monitoring module monitors the behavior state of the virus in the mobile terminal after each virus attack so that the virus can be observed without the information in the mobile terminal actually being stolen or monitored by the virus's owner.
The method by which the virus behavior monitoring module tracks the path along which the virus steals information stored in the mobile terminal comprises the following steps:
S1.1, judging the format of the stored information file that the virus in the mobile terminal is about to open;
S1.2, when the stored information file to be opened by the virus in step S1.1 is a folder, leaving the virus unprocessed, recording the name of the folder to be opened, and continuing to monitor the format of the stored information file the virus is about to open;
S1.3, repeating the operation in step S1.2 until the stored information file to be opened in step S1.1 is in a format other than a folder, at which point the virus behavior monitoring module clears the virus before the virus opens the stored information file;
S1.4, extracting the names of the opened folders recorded in step S1.2, together with the stored information file in a format other than a folder from step S1.3 and its position;
S1.5, judging the information position a1 that the virus intends to steal from according to the names of the opened folders and the position of the stored information file extracted in step S1.4, and judging the information content type a2 that the virus intends to steal according to the content of that stored information file;
S1.6, according to the results a1 and a2 obtained in step S1.5, judging that the expression form of the virus is stealing stored information of the mobile terminal and that the attack purpose of the virus is to acquire the information content type a2 at the information position a1 in the mobile terminal.
When the behavior state of the virus in the mobile terminal is stealing stored information, the virus behavior monitoring module first judges whether the file to be opened is a folder. A folder only represents a path along which information is stored in the mobile terminal, whereas a file in any other format contains specific information whose exposure would substantially affect the user. The module therefore judges in advance whether the target is a folder and clears the virus before it can open a file in a format other than a folder.
The method in step S1.5 for judging the information content type a2 that the virus intends to steal, according to the content of the stored information file in a format other than a folder, comprises the following steps:
S2.1, extracting the content of the stored file that is in a format other than a folder and is about to be opened, and extracting keywords from that content, wherein the keywords comprise fixed fields, fixed-length digit combinations, or combinations of fixed-length digits and fixed text;
S2.2, matching the keywords extracted in step S2.1 with a prefabricated information content type database, wherein different information content types in the database correspond to different type numbers, the type number reflects the importance of the corresponding information content type, and the smaller the type number, the more important the corresponding information content type;
S2.3, when the number of successful matches between the extracted keywords and an information content type in the prefabricated information content type database is greater than or equal to a first preset value, judging that the stored file content contains that information content type;
S2.4, matching all extracted keywords against the prefabricated information content type database according to step S2.3, and obtaining all information content types, with their type numbers, that correspond to the extracted keywords;
S2.5, taking, from all the information content types and type numbers obtained in step S2.4, the information content type with the smallest type number as the information content type a2 that the virus intends to steal.
When keywords are extracted, they are divided into fixed fields, fixed-length digit combinations, and combinations of fixed-length digits and fixed text. Fixed fields are fixed keywords. Fixed-length digit combinations account for information such as telephone numbers: the content of a telephone number varies, but its number of digits is fixed, so telephone numbers can be extracted by digit count. Combinations of fixed-length digits and fixed text account for keywords such as dates, for example a date written in year-month-day form such as 28 July 2021: the content of the numeric part is not fixed, but its number of digits is, and the text part is fixed, so such keywords can be screened out in this way during extraction.
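The following Python sketch walks through steps S1.1 to S1.6 and S2.1 to S2.5 on a constructed sequence of open attempts. It is an added example, not code from the patent; the type database, the digit lengths in the patterns, the threshold value and the names `classify_content` and `trace_theft_attempt` are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed stand-in for the prefabricated content-type database (S2.2):
# type number -> (type name, fixed-field keywords). Smaller number = more important.
TYPE_DB = {
    1: ("bank account", ("card number", "balance", "account")),
    2: ("contact details", ("name", "phone", "address")),
    3: ("schedule", ("meeting", "agenda")),
}

# Pattern keywords (S2.1), each tied to a type number. The lengths are assumptions.
PATTERN_KEYWORDS = (
    (re.compile(r"(?<!\d)\d{16}(?!\d)"), 1),   # fixed-length digits: 16-digit card number
    (re.compile(r"(?<!\d)\d{11}(?!\d)"), 2),   # fixed-length digits: 11-digit phone number
    (re.compile(r"\d{4}年\d{2}月\d{2}日"), 3),  # fixed-length digits + fixed text: a date
)

FIRST_PRESET_VALUE = 2  # S2.3: matches needed before a type counts as present


def classify_content(text):
    """Return (type_number, type_name) for a2, or None if no type reaches the threshold."""
    lowered = text.lower()
    matches = Counter()
    # Fixed fields: one match per keyword that occurs in the content.
    for type_no, (_name, fields) in TYPE_DB.items():
        matches[type_no] += sum(1 for field in fields if field in lowered)
    # Pattern keywords: one match per occurrence.
    for pattern, type_no in PATTERN_KEYWORDS:
        matches[type_no] += len(pattern.findall(text))
    present = [t for t, count in matches.items() if count >= FIRST_PRESET_VALUE]
    if not present:
        return None
    most_important = min(present)  # S2.5: the smallest type number wins
    return most_important, TYPE_DB[most_important][0]


def trace_theft_attempt(open_attempts):
    """Walk the open attempts in order (S1.1 to S1.6).

    Each attempt is a dict {"name": str, "is_folder": bool, "content": str}.
    Folders are only recorded; the first non-folder target ends the trace,
    which models clearing the virus before the file is opened.
    """
    folders = []
    for attempt in open_attempts:
        if attempt["is_folder"]:
            folders.append(attempt["name"])  # S1.2: record and keep monitoring
            continue
        return {
            "virus_cleared": True,  # S1.3
            "a1": "/" + "/".join(folders + [attempt["name"]]),  # S1.5: position
            "a2": classify_content(attempt["content"]),         # S1.5: content type
        }
    # Only folders were touched: nothing to clear yet, no a2 can be judged.
    return {"virus_cleared": False, "a1": "/" + "/".join(folders), "a2": None}


# Constructed sample: two folder opens followed by one file open.
SAMPLE_ATTEMPTS = [
    {"name": "Documents", "is_folder": True, "content": ""},
    {"name": "Finance", "is_folder": True, "content": ""},
    {"name": "statement.txt", "is_folder": False, "content": (
        "Name: Li Hua\nPhone: 13800001111\n"
        "Card number: 6222000011112222\nBalance: 1200\n"
        "Meeting on 2021年07月28日\n")},
]

if __name__ == "__main__":
    print(trace_theft_attempt(SAMPLE_ATTEMPTS))
```

The sample file matches all three types, and the trace reports the bank-account type because it has the smallest type number, which is the behavior step S2.5 prescribes.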
When the virus characteristic analysis module analyzes virus characteristics, the expression form and the attack purpose of the virus are obtained directly from the virus behavior monitoring module, and the virus source is analyzed from the state data of the mobile terminal in the mobile terminal state data acquisition module.
The method by which the virus characteristic analysis module analyzes the virus source in the virus characteristics comprises the following steps:
S3.1, acquiring the mobile terminal operation records in the state data of the mobile terminal, the time corresponding to each operation record, whether the mobile terminal has been attacked by viruses, and the time at which the mobile terminal was attacked by viruses;
S3.2, taking the time point t at which the mobile terminal was attacked by the virus and subtracting a second preset value t2 from it to obtain the start time t-t2 for examining the operation records of the mobile terminal, wherein the second preset value t2 is the maximum interval from an improper operation of the mobile terminal to the resulting virus attack, and screening out all operation records of the mobile terminal whose corresponding time is greater than or equal to t-t2 and less than or equal to t;
S3.3, analyzing and detecting, one by one through the virus characteristic analysis module, the content of all the operation records screened out in step S3.2, judging whether the virus can be detected, and, if the virus is detected, taking the content of that operation record as the virus source of the virus and storing it;
S3.4, if the virus is not detected, starting from time t-t2, analyzing and detecting the content of the operation records of the mobile terminal one by one in order from latest to earliest until the virus is detected, taking the content of that operation record as the virus source of the virus, and storing it.
To obtain the virus source, the virus characteristic analysis module acquires the time point t at which the mobile terminal was attacked, the preset maximum interval from an improper operation of the mobile terminal to a virus attack, and the operation records in the state data of the mobile terminal with their corresponding times. The time point t and the preset maximum interval bound the period in which the virus attack may have originated; the operation records within that period are then extracted and screened one by one until the virus source is pinned down.
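Steps S3.1 to S3.4 amount to a windowed search over the operation log with a backward fallback. The sketch below is an added example, not code from the patent: the record layout, the integer timestamps, the `detects_virus` callback standing in for the module's scan, and the latest-first order inside the window are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OperationRecord:
    time: int      # seconds on an arbitrary clock (constructed)
    content: str   # what the user did


def find_virus_source(records, t, t2, detects_virus):
    """Return (record, stage) where stage is "window", "before-window" or "not-found".

    records       -- operation records of the mobile terminal (S3.1)
    t             -- time point of the virus attack
    t2            -- second preset value: maximum delay from an improper operation to the attack
    detects_virus -- callable(content) -> bool, a stand-in for the analysis module's scan
    """
    start = t - t2
    # S3.2: keep records with start <= time <= t.
    window = sorted((r for r in records if start <= r.time <= t),
                    key=lambda r: r.time, reverse=True)
    # S3.3: scan the window one by one (latest first is an assumption).
    for record in window:
        if detects_virus(record.content):
            return record, "window"
    # S3.4: nothing found, so walk backwards from t - t2, latest to earliest.
    older = sorted((r for r in records if r.time < start),
                   key=lambda r: r.time, reverse=True)
    for record in older:
        if detects_virus(record.content):
            return record, "before-window"
    return None, "not-found"


# Constructed operation log for one terminal.
SAMPLE_RECORDS = [
    OperationRecord(100, "installed app from unofficial store"),
    OperationRecord(400, "browsed news site"),
    OperationRecord(450, "opened email attachment invoice.apk"),
    OperationRecord(480, "played music"),
]

if __name__ == "__main__":
    hit, stage = find_virus_source(SAMPLE_RECORDS, t=500, t2=120,
                                   detects_virus=lambda c: "invoice.apk" in c)
    print(stage, hit)
```

A "before-window" result is worth logging separately in practice: it means the dwell time exceeded t2, so the preset value underestimates how long this kind of source takes to trigger an attack.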
The mobile terminal information security level evaluation module evaluates the security level of the mobile terminal from the virus attacks on the mobile terminal in a first unit time.
Before the security level of the mobile terminal is evaluated, the number n of virus attacks on the mobile terminal in the first unit time and, for each virus attack, the virus source, expression form and attack purpose in the virus characteristics are obtained.
The content of the mobile terminal operation record in the virus source is matched with a first database to obtain the corresponding risk coefficient b1; the number n1 of virus attacks whose virus source is the same as that of the virus is counted; b1 is multiplied by the quotient of n1 and n, and the result c1 is taken as the final virus source risk coefficient of the virus.
The two expression forms of viruses, monitoring screen information of the mobile terminal and stealing stored information of the mobile terminal, are matched with a second database to obtain the corresponding risk coefficient b2; the number n2 of virus attacks whose expression form is the same as that of the virus is counted; b2 is multiplied by the quotient of n2 and n, and the result c2 is taken as the final expression form risk coefficient of the virus.
The information content type a2 at the information position a1 in the mobile terminal, taken from the attack purpose of the virus, is matched with a third database to obtain the corresponding risk coefficient b3; the number n3 of virus attacks whose attack purpose is the same as that of the virus is counted; b3 is multiplied by the quotient of n3 and n, and the result c3 is taken as the final attack purpose risk coefficient of the virus.
For each virus attack on the mobile terminal, the corresponding c1, c2 and c3 are multiplied to obtain the risk degree of that attack, and the risk degrees of all attacks are added to obtain the risk degree d of the mobile terminal in the first unit time.
d is compared with the risk threshold intervals corresponding to the security levels of the mobile terminal, and the security level corresponding to the interval to which d belongs is obtained.
In evaluating the security level of the mobile terminal, the mobile terminal information security level evaluation module obtains the number n of virus attacks in the first unit time and the virus source, expression form and attack purpose for each attack, calculates c1, c2 and c3, derives the risk degree d of the mobile terminal in the first unit time, and obtains the security level from the risk threshold interval to which d belongs. b1 is multiplied by the quotient of n1 and n because users use their mobile terminals differently, so the share of the n attacks in the first unit time that comes from a given virus source differs between terminals; the higher that share, the greater the harm the corresponding virus source does to the mobile terminal. Multiplying b1 by the quotient of n1 and n therefore gives the final virus source risk coefficient c1 of the virus relative to this mobile terminal.
The mobile terminal weak point analysis module obtains, from the mobile terminal information security level evaluation module, b1, c3 and b3 corresponding to the virus in each attack on the mobile terminal,
calculates the quotient f1 of c1 and b1 and the quotient f3 of c3 and b3, finds the maximum value of f1 and of f3, obtains the virus source e1 corresponding to the maximum value of f1 and the virus attack purpose e3 corresponding to the maximum value of f3, wherein e1 and e3 are the weak points of the mobile terminal, compares the protection rankings of existing protection software for e1 and e3, and takes the software ranked within a third preset value in the protection rankings for both e1 and e3 as the optimal protection software.
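The scoring and weak point analysis described above can be carried through on a small attack history. This is an added example, not code from the patent; the three coefficient tables, the threshold intervals, the level names, the product rankings and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed stand-ins for the first, second and third databases (b1, b2, b3).
B1 = {"unofficial app install": 0.9, "phishing link": 0.7}
B2 = {"monitor screen": 0.6, "steal stored information": 0.8}
B3 = {
    ("screen", "screen information"): 0.5,
    ("/Documents/Finance", "bank account"): 1.0,
    ("/Contacts", "contact details"): 0.6,
}
# Constructed risk threshold intervals: d below the bound maps to the level.
LEVEL_INTERVALS = ((0.1, "level 1"), (0.5, "level 2"), (float("inf"), "level 3"))
THIRD_PRESET_VALUE = 2  # a product must rank within this for both weak points


def assess(attacks):
    """attacks: one dict per virus attack with keys "source", "form", "purpose"."""
    n = len(attacks)
    if n == 0:
        return {"d": 0.0, "level": LEVEL_INTERVALS[0][1], "e1": None, "e3": None}
    n1 = Counter(a["source"] for a in attacks)
    n2 = Counter(a["form"] for a in attacks)
    n3 = Counter(a["purpose"] for a in attacks)
    d = 0.0
    for a in attacks:
        c1 = B1[a["source"]] * n1[a["source"]] / n
        c2 = B2[a["form"]] * n2[a["form"]] / n
        c3 = B3[a["purpose"]] * n3[a["purpose"]] / n
        d += c1 * c2 * c3  # risk degree of this attack, summed into d
    level = next(name for bound, name in LEVEL_INTERVALS if d < bound)
    # f1 = c1 / b1 reduces to n1 / n (likewise f3 = n3 / n), so the maxima are
    # taken over the shares directly; this also avoids dividing by a zero coefficient.
    e1 = max(n1, key=lambda source: n1[source] / n)
    e3 = max(n3, key=lambda purpose: n3[purpose] / n)
    return {"d": d, "level": level, "e1": e1, "e3": e3}


def recommend(e1, e3, rankings, k=THIRD_PRESET_VALUE):
    """Return products ranked within k for both weak points e1 and e3."""
    unranked = float("inf")
    return sorted(name for name, ranks in rankings.items()
                  if ranks.get(e1, unranked) <= k and ranks.get(e3, unranked) <= k)


BANK = ("/Documents/Finance", "bank account")
# Constructed history: four attacks in the first unit time.
SAMPLE_ATTACKS = [
    {"source": "unofficial app install", "form": "steal stored information", "purpose": BANK},
    {"source": "unofficial app install", "form": "steal stored information",
     "purpose": ("/Contacts", "contact details")},
    {"source": "phishing link", "form": "monitor screen",
     "purpose": ("screen", "screen information")},
    {"source": "unofficial app install", "form": "steal stored information", "purpose": BANK},
]
# Constructed protection rankings: product -> {weak point: rank}, 1 is best.
SAMPLE_RANKINGS = {
    "Product A": {"unofficial app install": 1, BANK: 3},
    "Product B": {"unofficial app install": 2, BANK: 1},
    "Product C": {"unofficial app install": 4, BANK: 2},
}

if __name__ == "__main__":
    result = assess(SAMPLE_ATTACKS)
    print(result, recommend(result["e1"], result["e3"], SAMPLE_RANKINGS))
```

Because f1 and f3 reduce to the shares n1/n and n3/n, the weak points are simply the most frequent source and purpose; the risk coefficients influence d and the security level but not e1 or e3.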
An information security assessment method based on a big data mobile terminal comprises the following steps:
S1, acquiring state data of the mobile terminal in a first unit time through the mobile terminal state data acquisition module;
S2, judging, through the virus behavior monitoring module, the number n of virus attacks on the mobile terminal in the first unit time, and monitoring the behavior state of the virus in the mobile terminal after each virus attack;
S3, analyzing, through the virus characteristic analysis module, the virus characteristics of each virus attack, wherein the virus characteristics comprise virus source, expression form and attack purpose;
S4, evaluating, through the mobile terminal information security level evaluation module, the security level of the mobile terminal according to the virus attacks on the mobile terminal in the first unit time;
S5, analyzing, through the mobile terminal weak point analysis module, the weak points of the mobile terminal according to the virus attacks on the mobile terminal in the first unit time, finding and storing the weak points, and recommending optimal protection software according to the weak points obtained.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that the foregoing description is only a preferred embodiment of the present invention and does not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art may still modify the technical solutions described in those embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (6)

1. An information security evaluation system based on big data mobile terminal, which is characterized by comprising:
the mobile terminal state data acquisition module acquires state data of the mobile terminal in a first unit time;
the virus behavior monitoring module judges the number n of times that the mobile terminal is attacked by viruses in a first unit time and monitors the behavior state of the viruses in the mobile terminal after each virus attack;
the virus characteristic analysis module is used for analyzing virus characteristics when each virus attack is performed, wherein the virus characteristics comprise virus sources, expression forms and attack purposes;
The mobile terminal information security level assessment module assesses the security level of the mobile terminal under the condition that the mobile terminal is attacked by viruses in a first unit time;
the mobile terminal weak point analysis module analyzes weak points of the mobile terminal according to the condition that the mobile terminal is attacked by viruses in a first unit time, searches out the weak points in the mobile terminal, stores the weak points, and recommends optimal protection software according to the obtained weak points;
when the virus characteristic analysis module analyzes virus characteristics, the expression form and the attack purpose of the virus are directly obtained by the virus behavior monitoring module, the virus source is analyzed by the state data of the mobile terminal in the mobile terminal state data acquisition module,
the method for analyzing the virus source in the virus characteristics by the virus characteristic analysis module comprises the following steps:
S3.1, acquiring the mobile terminal operation records in the state data of the mobile terminal, the time corresponding to each operation record, whether the mobile terminal has been attacked by viruses, and the time at which the mobile terminal was attacked by viruses;
S3.2, taking the time point t at which the mobile terminal was attacked by the virus and subtracting a second preset value t2 from it to obtain the start time t-t2 for examining the operation records of the mobile terminal, wherein the second preset value t2 is the maximum interval from an improper operation of the mobile terminal to the resulting virus attack, and screening out all operation records of the mobile terminal whose corresponding time is greater than or equal to t-t2 and less than or equal to t;
S3.3, analyzing and detecting, one by one through the virus characteristic analysis module, the content of all the operation records screened out in step S3.2, judging whether the virus can be detected, and, if the virus is detected, taking the content of that operation record as the virus source of the virus and storing it;
S3.4, if the virus is not detected, starting from time t-t2, analyzing and detecting the content of the operation records of the mobile terminal one by one in order from latest to earliest until the virus is detected, taking the content of that operation record as the virus source of the virus, and storing it;
the mobile terminal information security level evaluation module evaluates the security level of the mobile terminal through the condition that the mobile terminal is attacked by viruses in a first unit time,
before evaluating the security level of the mobile terminal, the number n of times the mobile terminal is attacked by virus in a first unit time, and virus sources, expression forms and attack purposes in virus characteristics during each virus attack are required to be respectively obtained,
matching the content of the mobile terminal operation record in the virus source with a first database to obtain the corresponding risk coefficient b1, counting the number n1 of virus attacks whose virus source is the same as that of the virus, multiplying b1 by the quotient of n1 and n, and taking the result c1 as the final virus source risk coefficient of the virus,
matching the two expression forms of viruses, monitoring screen information of the mobile terminal and stealing stored information of the mobile terminal, with a second database to obtain the corresponding risk coefficient b2, counting the number n2 of virus attacks whose expression form is the same as that of the virus, multiplying b2 by the quotient of n2 and n, and taking the result c2 as the final expression form risk coefficient of the virus,
matching the information content type a2 at the information position a1 in the mobile terminal, taken from the attack purpose of the virus, with a third database to obtain the corresponding risk coefficient b3, counting the number n3 of virus attacks whose attack purpose is the same as that of the virus, multiplying b3 by the quotient of n3 and n, and taking the result c3 as the final attack purpose risk coefficient of the virus,
multiplying, for each virus attack on the mobile terminal, the corresponding c1, c2 and c3 to obtain the risk degree of that attack, and adding the risk degrees of all attacks to obtain the risk degree d of the mobile terminal in the first unit time,
comparing d with the risk threshold intervals corresponding to the security levels of the mobile terminal to obtain the security level corresponding to the risk threshold interval to which d belongs;
the mobile terminal weak point analysis module obtains, from the mobile terminal information security level evaluation module, b1, c3 and b3 corresponding to the virus in each attack on the mobile terminal,
calculates the quotient f1 of c1 and b1 and the quotient f3 of c3 and b3, finds the maximum value of f1 and of f3, obtains the virus source e1 corresponding to the maximum value of f1 and the virus attack purpose e3 corresponding to the maximum value of f3, wherein e1 and e3 are the weak points of the mobile terminal, compares the protection rankings of existing protection software for e1 and e3, and takes the software ranked within a third preset value in the protection rankings for both e1 and e3 as the optimal protection software.
2. The information security assessment system based on the big data mobile terminal according to claim 1, wherein: the mobile terminal state data in the mobile terminal state data acquisition module comprises: mobile terminal operation records, the time corresponding to each operation record, whether the mobile terminal has been attacked by viruses, and the time at which the mobile terminal was attacked by viruses.
3. The information security assessment system based on the big data mobile terminal according to claim 2, wherein: when the virus behavior monitoring module monitors the behavior state of the virus in the mobile terminal after each virus attack, the behavior state of the virus is the way in which the virus damages the mobile terminal after attacking it, and comprises: monitoring screen information of the mobile terminal and stealing information stored in the mobile terminal,
The virus behavior monitoring module monitors the behavior state of the virus in the mobile terminal and takes different countermeasures for different behavior states of the virus in the mobile terminal,
when the behavior state of the virus in the mobile terminal is that the screen information of the mobile terminal is monitored, the virus behavior monitoring module directly clears the virus, judges that the expression form of the virus is that the screen information of the mobile terminal is monitored, and the attack purpose of the virus is to acquire the screen information of the mobile terminal;
when the behavior state of the virus in the mobile terminal is that information stored in the mobile terminal is stolen, the virus behavior monitoring module tracks the path of the information stored in the mobile terminal which is stolen by the virus.
4. The information security assessment system based on big data mobile terminal according to claim 3, wherein: the method by which the virus behavior monitoring module tracks the path along which the virus steals information stored in the mobile terminal comprises the following steps:
S1.1, judging the format of the stored information file that the virus in the mobile terminal is about to open;
S1.2, when the stored information file to be opened by the virus in step S1.1 is a folder, leaving the virus unprocessed, recording the name of the folder to be opened, and continuing to monitor the format of the stored information file the virus is about to open;
S1.3, repeating the operation in step S1.2 until the stored information file to be opened in step S1.1 is in a format other than a folder, at which point the virus behavior monitoring module clears the virus before the virus opens the stored information file;
S1.4, extracting the names of the opened folders recorded in step S1.2, together with the stored information file in a format other than a folder from step S1.3 and its position;
S1.5, judging the information position a1 that the virus intends to steal from according to the names of the opened folders and the position of the stored information file extracted in step S1.4, and judging the information content type a2 that the virus intends to steal according to the content of that stored information file;
S1.6, according to the results a1 and a2 obtained in step S1.5, judging that the expression form of the virus is stealing stored information of the mobile terminal and that the attack purpose of the virus is to acquire the information content type a2 at the information position a1 in the mobile terminal.
5. The information security assessment system based on the big data mobile terminal according to claim 4, wherein: the method in step S1.5 for judging the information content type a2 that the virus intends to steal, according to the content of the stored information file in a format other than a folder, comprises the following steps:
S2.1, extracting the content of the stored file that is in a format other than a folder and is about to be opened, and extracting keywords from that content, wherein the keywords comprise fixed fields, fixed-length digit combinations, or combinations of fixed-length digits and fixed text;
S2.2, matching the keywords extracted in step S2.1 with a prefabricated information content type database, wherein different information content types in the database correspond to different type numbers, the type number reflects the importance of the corresponding information content type, and the smaller the type number, the more important the corresponding information content type;
S2.3, when the number of successful matches between the extracted keywords and an information content type in the prefabricated information content type database is greater than or equal to a first preset value, judging that the stored file content contains that information content type;
S2.4, matching all extracted keywords against the prefabricated information content type database according to step S2.3, and obtaining all information content types, with their type numbers, that correspond to the extracted keywords;
S2.5, taking, from all the information content types and type numbers obtained in step S2.4, the information content type with the smallest type number as the information content type a2 that the virus intends to steal.
6. A big data mobile terminal based information security assessment method using the big data mobile terminal based information security assessment system of any one of claims 1 to 5, characterized in that the method comprises the steps of:
S1, acquiring state data of the mobile terminal in a first unit time through the mobile terminal state data acquisition module;
S2, judging, through the virus behavior monitoring module, the number n of virus attacks on the mobile terminal in the first unit time, and monitoring the behavior state of the virus in the mobile terminal after each virus attack;
S3, analyzing, through the virus characteristic analysis module, the virus characteristics of each virus attack, wherein the virus characteristics comprise virus source, expression form and attack purpose;
S4, evaluating, through the mobile terminal information security level evaluation module, the security level of the mobile terminal according to the virus attacks on the mobile terminal in the first unit time;
S5, analyzing, through the mobile terminal weak point analysis module, the weak points of the mobile terminal according to the virus attacks on the mobile terminal in the first unit time, finding and storing the weak points, and recommending optimal protection software according to the weak points obtained.
CN202111035092.3A 2021-09-05 2021-09-05 Information security evaluation system and method based on big data mobile terminal Active CN113935040B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111035092.3A CN113935040B (en) 2021-09-05 2021-09-05 Information security evaluation system and method based on big data mobile terminal

Publications (2)

Publication Number Publication Date
CN113935040A CN113935040A (en) 2022-01-14
CN113935040B CN113935040B (en) 2023-08-01

Family

ID=79275183

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111035092.3A Active CN113935040B (en) 2021-09-05 2021-09-05 Information security evaluation system and method based on big data mobile terminal

Country Status (1)

Country Link
CN (1) CN113935040B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103491076A (en) * 2013-09-09 2014-01-01 杭州华三通信技术有限公司 Method and system for defending against network attacks
CN108881307A (en) * 2018-08-10 2018-11-23 中国信息安全测评中心 A kind of safety detecting method and device of facing moving terminal
CN109413088A (en) * 2018-11-19 2019-03-01 中国科学院信息工程研究所 Threat Disposal Strategies decomposition method and system in a kind of network
CN112118220A (en) * 2020-08-06 2020-12-22 福建中信网安信息科技有限公司 Network security level protection evaluation method and system
CN112231570A (en) * 2020-10-26 2021-01-15 腾讯科技(深圳)有限公司 Recommendation system trust attack detection method, device, equipment and storage medium
CN113467314A (en) * 2021-07-15 2021-10-01 广州赛度检测服务有限公司 Information security risk assessment system and method based on big data and edge calculation

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2496231A1 (en) * 2005-02-04 2006-08-04 Shopplex.Com Corporation System and method for controlling and monitoring an application in a network
US8762295B2 (en) * 2007-02-11 2014-06-24 Trend Micro Incorporated Methods and system for determining licensing/billing fees for computer security software

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
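Research on DDoS defense mechanisms; 沈鑫; 张来顺; 微计算机信息 (No. 09); pp. 69-72 *
Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective; Bartlomiej Hanus; INFORMATION SYSTEMS MANAGEMENT; Vol. 33 (No. 1); pp. 2-16 *
An evaluation method for intelligent cyberspace security systems; 曾幸钦; 曾炽强; 李树湖; 朱奔君; 叶海萍; 电子世界 (No. 05); pp. 59-60 *
Research on the time risk of security vulnerabilities based on life-cycle theory; 宋明秋; 王磊磊; 于博; 计算机工程 (No. 01); pp. 137-139+142 *
A network security evaluation method for cloud service systems; 叶婷; 曾灶烟; 董碧飞; 孙培高; 朱奔君; 信息通信 (No. 02); pp. 166-167 *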

Also Published As

Publication number Publication date
CN113935040A (en) 2022-01-14

Similar Documents

Publication Publication Date Title
Pendlebury et al. TESSERACT: Eliminating experimental bias in malware classification across space and time
Ye et al. CIMDS: adapting postprocessing techniques of associative classification for malware detection
JP5479340B2 (en) Detect and classify matches between time-based media
CN105809035B (en) The malware detection method and system of real-time behavior is applied based on Android
JP3888812B2 (en) Fact data integration method and apparatus
Carrier et al. Automated Digital Evidence Target Definition Using Outlier Analysis and Existing Evidence.
CN107832444B (en) Event discovery method and device based on search log
CN110912884A (en) Detection method, detection equipment and computer storage medium
CN114003903B (en) Network attack tracing method and device
CN112751711B (en) Alarm information processing method and device, storage medium and electronic equipment
Faiella et al. Enriching Threat Intelligence Platforms Capabilities.
CN110378118B (en) Efficient and accurate android application third-party library detection method
CN115292674A (en) Fraud application detection method and system based on user comment data
CN113935040B (en) Information security evaluation system and method based on big data mobile terminal
CN112073396A (en) Method and device for detecting transverse movement attack behavior of intranet
CN109002441A (en) Determination method, the exception of Apply Names similarity apply detection method and system
CN109409091B (en) Method, device and equipment for detecting Web page and computer storage medium
CN108763242B (en) Label generation method and device
CN115688107A (en) Fraud-related APP detection system and method
CN108322912B (en) Method and device for distinguishing short messages
CN112632548B (en) Malicious android program detection method and device, electronic equipment and storage medium
CN113918435A (en) Application program risk level determination method and device and storage medium
CN110532758B (en) Risk identification method and device for group
CN109784047B (en) Program detection method based on multiple features
Ruriawan et al. Development of digital evidence collector and file classification system with K-Means algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230707

Address after: 518000 No. 411 and 412, building a, Fenghuang Zhigu, No. 50, tiezi Road, Gongle community, Xixiang street, Bao'an District, Shenzhen, Guangdong

Applicant after: SHENZHEN LANCHANG TECHNOLOGY Co.,Ltd.

Address before: 510700 Jian'an Gongchuang Zhongchuang space office Card No. a049, No. A701, zone a, Guangzhou International Business Incubator, No. 3, Juquan Road, Science City, Huangpu District, Guangzhou City, Guangdong Province (office only)

Applicant before: GUANGZHOU SAIDU DETECTION SERVICE CO.,LTD.

GR01 Patent grant