CN116170182A - Internet mobile application security control method and device and computer equipment - Google Patents


Publication number
CN116170182A
Authority
CN
China
Prior art keywords
application
security risk
security
mobile
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211702315.1A
Other languages
Chinese (zh)
Inventor
邓巍
刘威
黄建华
张健
黄志伟
庞宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Power Supply Bureau Co Ltd
Original Assignee
Shenzhen Power Supply Bureau Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Shenzhen Power Supply Bureau Co Ltd
Priority to CN202211702315.1A
Publication of CN116170182A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/302 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information gathering intelligence information for situation awareness or reconnaissance

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Evolutionary Computation (AREA)
  • Technology Law (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application relates to an internet mobile application security control method, device, computer equipment, storage medium and computer program product. Monitoring data related to mobile applications in a terminal device is acquired, and risk perception is performed on that data to obtain an application security risk result. When the application security risk result indicates that the terminal device has an application security risk, a security defense control strategy is formulated for timely early-warning handling of the application security risk in the terminal device, so that the protection efficiency and effect for internet mobile applications during operation can be effectively improved.

Description

Internet mobile application security control method and device and computer equipment
Technical Field
The present invention relates to the field of internet mobile application security monitoring technologies, and in particular, to an internet mobile application security control method, an internet mobile application security control device, a computer device, a storage medium, and a computer program product.
Background
With the rapid development of wireless communication technology and mobile terminal devices, people can handle transactions with mobile applications at any time and place. At the same time, in recent years the large number of security problems affecting mobile applications, such as piracy, secondary packaging (repackaging) and decompilation, has driven research in technical fields such as mobile application security hardening, automated security assessment, post-launch operational security monitoring and mobile terminal anti-fraud.
Investigation has shown that the security risks of internet mobile applications are concentrated mainly in sensitive information leakage and information authentication. They also include plaintext transmission of information data, decryptable communication data, locally decryptable sensitive data, debugging information leakage, cryptography misuse, function leakage, secondary packaging, debugging, code reversibility and the like. At present, however, attacks targeting these different security risks basically have to be analyzed manually, so protection efficiency and effect are low.
Disclosure of Invention
Based on the foregoing, it is necessary to provide an internet mobile application security control method, apparatus, computer device, storage medium and computer program product capable of improving the protection efficiency and effect of the internet mobile application during the operation process.
In a first aspect, the present application provides an internet mobile application security control method, the method including:
acquiring monitoring data related to mobile applications in a terminal device;
performing risk perception on the monitoring data related to the mobile applications to obtain an application security risk result;
and, when the application security risk result indicates that the terminal device has an application security risk, formulating a security defense control strategy, the security defense control strategy being used for timely early-warning handling of the application security risk in the terminal device.
In one embodiment, acquiring the monitoring data related to mobile applications in the terminal device includes:
acquiring application download data during the download of a mobile application on the terminal device;
acquiring application installation data during the installation of a mobile application on the terminal device;
acquiring application running data while an application runs on the terminal device;
the monitoring data related to mobile applications includes at least one of the application download data, the application installation data and the application running data.
In one embodiment, after the application download data is acquired during the download of a mobile application on the terminal device, performing risk perception on the monitoring data related to mobile applications to obtain an application security risk result includes:
comparing and querying the application download data against a risk application database to obtain an application download security risk result; the application security risk result includes the application download security risk result.
In one embodiment, after the application installation data is acquired during the installation of a mobile application on the terminal device, performing risk perception on the monitoring data related to mobile applications to obtain an application security risk result includes:
performing security vulnerability analysis on the application installation data to obtain an application installation security risk result; the application security risk result includes the application installation security risk result.
In one embodiment, after the application running data is acquired while an application runs on the terminal device, performing risk perception on the monitoring data related to mobile applications to obtain an application security risk result includes:
analyzing the application running data according to a preset rule model to obtain an application running security risk result; the application security risk result includes the application running security risk result.
In one embodiment, formulating a security defense control strategy when the application security risk result indicates that the terminal device has an application security risk includes:
formulating an active defense control strategy and a passive defense control strategy when the application security risk result indicates that the terminal device has an application security risk.
In a second aspect, the present application further provides an internet mobile application security control device, the device including:
a monitoring module, used for acquiring monitoring data related to mobile applications in a terminal device;
a sensing module, used for performing risk perception on the monitoring data related to the mobile applications to obtain an application security risk result;
a defending module, used for formulating a security defense control strategy when the application security risk result indicates that the terminal device has an application security risk, the security defense control strategy being used for timely early-warning handling of the application security risk in the terminal device.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor implementing the steps of the method described above when the processor executes the computer program.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the method described above.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of the method described above.
With the above internet mobile application security control method, device, computer equipment, storage medium and computer program product, monitoring data related to mobile applications in the terminal device is acquired and risk perception is performed on it to obtain an application security risk result. When the application security risk result indicates that the terminal device has an application security risk, a security defense control strategy is formulated for timely early-warning handling of the application security risk in the terminal device, so that the protection efficiency and effect for internet mobile applications during operation can be effectively improved.
Drawings
FIG. 1 is an application environment diagram of an Internet mobile application security control method in one embodiment;
FIG. 2 is a flow chart of a method for controlling security of Internet mobile applications in one embodiment;
FIG. 3 is a flowchart illustrating a step of acquiring monitoring data according to one embodiment;
FIG. 4 is a block diagram of an Internet mobile application security control device in one embodiment;
FIG. 5 is a system block diagram of a security control system for a mobile Internet appliance in one embodiment;
FIG. 6 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
It should be noted that the information and data involved in the present application (including but not limited to monitoring data, application security risk results, security defense control strategies, etc.) are all information and data authorized by the user or fully authorized by each party, and the collection, use and processing of the related data must comply with the relevant laws, regulations and standards of the relevant countries and regions.
In one embodiment, the internet mobile application security control method provided in the present application may be applied in the application environment shown in FIG. 1, in which a plurality of terminals 102 communicate with a server 104 via a network. A data storage system may store the data that the server 104 needs to process. The data storage system may be integrated on the server 104 or may be located on a cloud or other network server. Specifically, data is transmitted between the server 104 and the terminals 102 over a data transmission path, so as to obtain monitoring data related to the mobile applications installed on each terminal 102; risk perception is performed on the monitoring data related to the mobile applications to obtain an application security risk result; and when the application security risk result indicates that a terminal 102 has an application security risk, a security defense control strategy is formulated, which is used for timely early-warning handling of the application security risk in the terminal 102.
The terminal 102 may be any terminal with a mobile application installed, and may be, but is not limited to, a desktop computer, notebook computer, smartphone, tablet computer or portable wearable device; the portable wearable device may be a smart watch, a smart bracelet, etc. The server 104 may be implemented as a stand-alone server or as a server cluster composed of multiple servers.
In one embodiment, as shown in FIG. 2, an internet mobile application security control method is provided. The method is described as applied to the server 104 in FIG. 1 and includes steps S200 to S600, where:
S200: acquire monitoring data related to mobile applications in the terminal device.
Specifically, the monitoring data is data obtained by monitoring the various behaviors related to mobile applications in the terminal device. It may include data obtained by monitoring the downloading of mobile applications, data obtained by monitoring the installation of mobile applications, and data obtained by monitoring the running behavior of the installed mobile applications. It is understood that the mobile applications are the various mobile applications installed in the terminal device, and the application type is not limited: any application whose behaviors occur on the monitored terminal device falls within the scope of the mobile applications monitored in the present application.
Further, the monitored terminal device may be any type of terminal device. To monitor a terminal device, it is only necessary to install on it the continuous monitoring application provided by the present application. After the continuous monitoring application is installed and connected to the network, the corresponding protection components, such as an anti-reverse component and an anti-debugging injection component, can be downloaded to the terminal device; monitoring data related to the mobile applications in the terminal device is acquired and uploaded to the server, where the server performs risk perception.
The form of mobile application that can be monitored in the terminal device is not unique: it may be a website-type application, an APP (application) type application, or an operator account of the terminal device, for example a mobile phone number.
S400: perform risk perception on the monitoring data related to mobile applications to obtain an application security risk result.
Specifically, after the continuous detection application is installed in the terminal device and the corresponding protection components are downloaded, risk perception can be performed on the monitoring data related to mobile applications as that data is obtained, yielding an application security risk result. The application security risk result may be that the terminal device has no application security risk, or that the terminal device has an application security risk. The type of application security risk depends on the result: for example, when the result indicating that the terminal device has an application security risk is an application download security risk result, the application security risk is of the application download security risk type. The application security risk may likewise be of the application installation security risk type or the application running security risk type.
S600: when the application security risk result indicates that the terminal device has an application security risk, formulate a security defense control strategy, the security defense control strategy being used for timely early-warning handling of the application security risk in the terminal device.
Specifically, when the application security risk result indicates that the terminal device has an application security risk, the security of the mobile application during operation can be protected by formulating an active defense control strategy and a passive defense control strategy, so that the security defense capability of the mobile terminal device is progressively upgraded.
With the above internet mobile application security control method, monitoring data related to mobile applications in the terminal device is acquired and risk perception is performed on it to obtain an application security risk result. When the application security risk result indicates that the terminal device has an application security risk, a security defense control strategy is formulated for timely early-warning handling of the application security risk in the terminal device, so that the protection efficiency and effect for internet mobile applications during operation can be effectively improved.
In one embodiment, as shown in FIG. 3, S200 includes S220 to S260, where:
S220: acquire application download data during the download of a mobile application on the terminal device.
It can be understood that after the continuous detection application is installed in the terminal device and the corresponding protection components are downloaded, the corresponding application download data can be obtained while the terminal device downloads a mobile application or logs in to a website application. Specifically, the application download data may include information on the mobile applications downloaded by the terminal device and on the website applications it has logged in to. The acquired application download data is uploaded synchronously to the server, where the server performs risk perception.
In one embodiment, following S220, S400 includes: comparing and querying the application download data against a risk application database to obtain an application download security risk result; the application security risk result includes the application download security risk result.
The risk application database is a big data information database containing various kinds of risk application information, and can be stored on a cloud server. Corresponding to the forms an application can take, the risk application information can cover website-type applications, APP applications, operator accounts and the like. For example, it can include malicious websites, pirated APP applications and illegal mobile phone numbers, where the illegal mobile phone numbers can be various numbers including internet of things cards, external environment cards, virtual cards, group cards, revealing real name cards and the like. Specifically, the risk application database can be collected and updated by performing full-channel distribution control on applications such as hidden malicious websites, counterfeit malicious websites and APPs.
Specifically, after the application download data is received, the information on the mobile applications downloaded by the terminal device, the website applications it has logged in to, and so on can be compared and queried against the risk application information contained in the risk application database to obtain an application download security risk result. Malicious website and APP early warning is performed by querying the information base provided in the risk application database and comparing against it, to judge whether an application or website involved in the application download data appears there. Illegal mobile phone number early warning, meanwhile, compares and examines the mobile phone numbers provided in the application or website, avoiding dangerous situations such as illegal property transfer caused by illegal account registration.
It can be understood that when the application download data does not appear in the risk application information contained in the risk application database, the application download security risk result obtained is that the terminal device has no application security risk. Conversely, when the application download data does appear in the risk application information contained in the risk application database, the application download security risk result obtained is that the terminal device has an application security risk, and that risk is of the application download security risk type.
S240: acquire application installation data during the installation of a mobile application on the terminal device.
It can be understood that after the continuous detection application is installed in the terminal device and the corresponding protection components are downloaded, the corresponding application installation data can be obtained while the terminal device installs a mobile application. The application installation data is used for security and availability detection of the application installed on the mobile internet application device, to determine whether the installed mobile application can be trusted.
In one embodiment, after S240, S400 includes: performing security vulnerability analysis on the application installation data to obtain an application installation security risk result; the application security risk result includes the application installation security risk result.
Specifically, the security vulnerability analysis of the application installation data may include installation package monitoring, permission monitoring, third-party component monitoring and virus monitoring of the mobile application's installation process. Installation package monitoring parses the installation package information of the installed mobile application with analysis tools such as the system unzip utility and apktool, and then finds security vulnerability information in the program code by analyzing the syntax, structure, processes, interfaces and so on of the application's source code files or binary files in the installation package information.
Further, the installation package information obtained by this parsing is also passed to the next stage for permission monitoring, third-party component monitoring and virus monitoring. Permission monitoring judges, through a security protocol, whether the permissions of the mobile application are normal, avoiding leakage of the mobile terminal device's information through abnormal permissions. Third-party component monitoring statically reverse-extracts information such as package names and class names from the mobile application's installation package information, abstracts the function call relationships, and compares the extracted features with an SDK feature library in the big data information base, thereby identifying the SDKs. Virus monitoring performs combined detection with multiple security features in a detection engine local to the terminal device, and can also perform local plug-in algorithm logic detection, which may include, for example, detection over multidimensional analysis data such as application inclusion, AM files, binary files and code instructions. This can effectively detect malicious code such as viruses, trojans and malicious advertisements in the installation package information, and the detection can include recognition and analysis along multiple dimensions such as fine granularity and depth, so that viruses are prevented from invading the mobile terminal device.
It can be understood that when the above monitoring of the mobile application's installation process finds no corresponding security vulnerability, that is, installation package monitoring finds no security vulnerability information, permission monitoring finds no abnormal permissions, third-party component monitoring identifies no abnormal SDK and virus monitoring detects no malicious code, the application installation security risk result obtained is that the terminal device has no application security risk. Conversely, when the above monitoring of the mobile application's installation process finds a corresponding security vulnerability, the application installation security risk result obtained is that the terminal device has an application security risk, and that risk is of the application installation security risk type.
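As an added illustration (not code from the patent), the sketch below runs the permission monitoring and third-party component monitoring described above over apktool-style output and returns an application installation security risk result. The manifest, smali paths, permission baseline, SDK feature library and the `android:debuggable` check are all constructed assumptions.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: AndroidManifest.xml as decoded to text by apktool.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.meterreading">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:debuggable="true" android:label="Meter"/>
</manifest>"""

# Constructed sample: class files listed from apktool's smali output directories.
SAMPLE_SMALI_PATHS = [
    "smali/com/example/meterreading/MainActivity.smali",
    "smali/com/example/meterreading/net/Api.smali",
    "smali/com/adsdk/tracker/core/Collector.smali",
    "smali/com/adsdk/tracker/core/Uploader.smali",
    "smali_classes2/org/pushlib/client/PushService.smali",
]

# Hypothetical permission baseline for this app's business category.
ALLOWED_PERMISSIONS = {
    "android.permission.INTERNET",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Hypothetical SDK feature library: package prefix -> (SDK name, approved?).
SDK_FEATURES = {
    "com.adsdk.tracker": ("AdSDK Tracker", False),
    "org.pushlib.client": ("PushLib", True),
}


@dataclass
class InstallRiskResult:
    package: str
    findings: list = field(default_factory=list)

    @property
    def has_risk(self):
        return bool(self.findings)


def parse_manifest(xml_text):
    """Return (package, requested permissions, debuggable flag)."""
    # The manifest comes from an untrusted package: refuse DTDs and entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    app = root.find("application")
    debuggable = app is not None and app.get(ANDROID_NS + "debuggable") == "true"
    return root.get("package"), perms, debuggable


def class_names(smali_paths):
    """Turn 'smali*/a/b/C.smali' paths into dotted class names 'a.b.C'."""
    names = set()
    for path in smali_paths:
        parts = path.split("/")
        if len(parts) < 2 or not parts[0].startswith("smali") or not path.endswith(".smali"):
            continue
        names.add(".".join(parts[1:])[: -len(".smali")])
    return names


def identify_sdks(names, feature_lib):
    """Match class names against SDK package prefixes on a package boundary."""
    hits = {}
    for cls in names:
        for prefix, (sdk, approved) in feature_lib.items():
            if cls.startswith(prefix + "."):
                entry = hits.setdefault(sdk, {"approved": approved, "classes": 0})
                entry["classes"] += 1
    return hits


def assess_install(manifest_xml, smali_paths,
                   allowed_perms=ALLOWED_PERMISSIONS, feature_lib=SDK_FEATURES):
    package, perms, debuggable = parse_manifest(manifest_xml)
    result = InstallRiskResult(package)
    for perm in sorted(perms - allowed_perms):        # permission monitoring
        result.findings.append(("permission", perm))
    if debuggable:                                    # package-level check
        result.findings.append(("package", "android:debuggable=true"))
    sdks = identify_sdks(class_names(smali_paths), feature_lib)
    for sdk, info in sorted(sdks.items()):            # third-party components
        if not info["approved"]:
            result.findings.append(("sdk", f"{sdk} ({info['classes']} classes)"))
    return result


if __name__ == "__main__":
    res = assess_install(SAMPLE_MANIFEST, SAMPLE_SMALI_PATHS)
    print(res.package, "risk" if res.has_risk else "no risk")
    for kind, detail in res.findings:
        print(f"  [{kind}] {detail}")
```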
S260: acquire application running data while an application runs on the terminal device.
It can be understood that after the continuous detection application is installed in the terminal device and the corresponding protection components are downloaded, the corresponding application running data can be obtained while a mobile application runs on the terminal device. The application running data includes data obtained by monitoring key risk points while mobile applications run on the terminal device; this data can be used to accurately perceive, understand and predict the overall security situation. In addition, the application running data can also include crash information from the running mobile application, which can be used to repair the application promptly based on the running information, ensuring high security and high availability of the terminal device.
In one embodiment, following S260, S400 includes: analyzing the application running data according to a preset rule model to obtain an application running security risk result; the application security risk result includes the application running security risk result.
Specifically, the preset rule model is a security risk early-warning model preset in the server, which can analyze from the application running data whether a security risk of a preset type exists. It can be understood that when analysis of the application running data in the preset rule model finds no security risk of a preset type, the application running security risk result obtained is that the terminal device has no application security risk. Conversely, when analysis of the application running data in the preset rule model finds a security risk of a preset type, the application running security risk result obtained is that the terminal device has an application security risk, and that risk is of the application running security risk type.
In addition, the monitoring data related to mobile applications includes the monitoring data obtained in any of the application monitoring processes, that is, at least one of the application download data, the application installation data and the application running data.
In one embodiment, S600 includes: formulating an active defense control strategy and a passive defense control strategy when the application security risk result indicates that the terminal device has an application security risk.
Specifically, the active defense control strategy can be understood as the terminal device actively hardening its own system to reduce the security risk to mobile applications from external attack. The active defense control strategy can be to download the corresponding anti-reverse component and anti-debugging injection component through the big data information base. The anti-reverse component can protect the source code in the mobile application installation package with techniques such as source code encryption protection and source code obfuscation, ensuring that the code implementing the core business cannot be reverse-analyzed by an attacker with reversing tools. The anti-debugging injection component uses active checking mechanisms such as ptrace to prevent an attacker from memory-debugging the mobile application, protecting the mobile application at run time.
Further, the passive defense control strategy can be understood as the response control strategy that the terminal device adopts after it perceives that it faces a possible security risk, so as to block the attack accurately and efficiently and ensure high security, high stability and high availability of the mobile application and the terminal service system. Different responses can be adopted, targeted at the preset type of security risk that exists. For crash information acquired in real time from the running mobile application, compatibility tests can be organized effectively by obtaining the information distribution characteristics of the mobile terminal devices, and the mobile application can be repaired promptly according to the crash information.
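As an added illustration (not code from the patent), the sketch below runs a preset rule model over application running data (S400 after S260) and then formulates active and passive defense control strategies (S600). The event schema, the rules, the response names and the certificate digest placeholder are hypothetical; the risk types are taken from the risks listed in the Background.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable
from urllib.parse import urlsplit

# Placeholder for the digest of the release signing certificate (assumption).
EXPECTED_CERT_DIGEST = "placeholder-release-cert-digest"


@dataclass(frozen=True)
class Rule:
    risk_type: str
    matches: Callable[[dict], bool]


def _debugger_attached(e):
    # tracer_pid is assumed to be the TracerPid field the on-device
    # component read from /proc/self/status; nonzero means a tracer is attached.
    return e.get("type") == "proc_status" and e.get("tracer_pid", 0) != 0


def _plaintext_sensitive(e):
    return (e.get("type") == "network" and e.get("sensitive", False)
            and urlsplit(e.get("url", "")).scheme == "http")


def _repackaged(e):
    return (e.get("type") == "signature"
            and e.get("cert_digest") != EXPECTED_CERT_DIGEST)


# The "preset rule model": one rule per preset risk type.
RULES = [
    Rule("debugging", _debugger_attached),
    Rule("plaintext_transmission", _plaintext_sensitive),
    Rule("secondary_packaging", _repackaged),
]

# Active strategy: the two protection components named in the description.
ACTIVE_COMPONENTS = ["anti_reverse_component", "anti_debugging_injection_component"]

# Hypothetical targeted responses for the passive strategy.
PASSIVE_RESPONSES = {
    "debugging": "terminate_session_and_alert",
    "plaintext_transmission": "block_request_and_alert",
    "secondary_packaging": "deny_service_and_alert",
}

# Constructed sample of application running data uploaded by one terminal.
SAMPLE_EVENTS = [
    {"type": "proc_status", "tracer_pid": 0},
    {"type": "signature", "cert_digest": EXPECTED_CERT_DIGEST},
    {"type": "network", "url": "https://api.example.invalid/meter", "sensitive": True},
    {"type": "network", "url": "http://api.example.invalid/login", "sensitive": True},
    {"type": "proc_status", "tracer_pid": 4211},
    {"type": "crash", "device_model": "model-A", "os": "12"},
    {"type": "crash", "device_model": "model-A", "os": "12"},
    {"type": "crash", "device_model": "model-B", "os": "13"},
    {"type": "not_yet_modelled"},  # unknown event types match no rule
]


def perceive_runtime_risk(events, rules=RULES):
    """S400: return the application running security risk result."""
    risk_types, crashes = set(), []
    for event in events:
        if event.get("type") == "crash":
            crashes.append(event)
            continue
        risk_types.update(r.risk_type for r in rules if r.matches(event))
    return {"has_risk": bool(risk_types),
            "risk_types": sorted(risk_types),
            "crashes": crashes}


def formulate_policy(result):
    """S600: formulate strategies only when a risk exists."""
    if not result["has_risk"]:
        return None
    passive = [{"risk_type": t, "response": PASSIVE_RESPONSES[t]}
               for t in result["risk_types"]]
    if result["crashes"]:
        # Distribution of crashing device profiles, used to plan compatibility tests.
        dist = Counter((c.get("device_model"), c.get("os")) for c in result["crashes"])
        passive.append({"response": "schedule_compatibility_tests",
                        "targets": dist.most_common()})
    return {"active": list(ACTIVE_COMPONENTS), "passive": passive}


if __name__ == "__main__":
    outcome = perceive_runtime_risk(SAMPLE_EVENTS)
    print(outcome["risk_types"])
    print(formulate_policy(outcome))
```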
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides an internet mobile application security control device for realizing the above related internet mobile application security control method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of the internet mobile application security control device provided in the following may refer to the limitation of the internet mobile application security control method hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 4, there is provided an internet mobile application security control apparatus, which includes a monitoring module 410, a sensing module 420, and a defending module 430, wherein:
a monitoring module 410, configured to obtain monitoring data related to a mobile application in a terminal device;
the sensing module 420 is configured to perform risk sensing on the monitoring data related to the mobile application, and obtain an application security risk result;
the defending module 430 is configured to formulate a security defending control policy when the application security risk result indicates that the terminal device has an application security risk, where the security defending control policy is used to timely perform early warning processing on the application security risk in the terminal device.
In one embodiment, the monitoring module 410 is further configured to obtain application download data in a process of downloading the mobile application in the terminal device; acquiring application installation data in the process of installing mobile application in terminal equipment; acquiring application operation data in an application operation process in terminal equipment; the monitoring data related to the mobile application includes at least one of application download data, application installation data, and application run data.
In one embodiment, the sensing module 420 is further configured to compare and query the application download data with the risk application database to obtain an application download security risk result; the application security risk results include application download security risk results.
In one embodiment, the sensing module 420 is further configured to perform security vulnerability analysis on the application installation data to obtain an application installation security risk result; the application security risk results include application installation security risk results.
In one embodiment, the sensing module 420 is further configured to analyze the application operation data according to a preset rule model to obtain an application operation security risk result; the application security risk results include application running security risk results.
In one embodiment, the defending module 430 is further configured to formulate an active defense control strategy and a passive defense control strategy when the application security risk result indicates that the terminal device has an application security risk.
The modules in the above internet mobile application security control device may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded in, or independent of, a processor in the computer device in hardware form, or may be stored in a memory in the computer device in software form, so that the processor can call them and execute the operations corresponding to each module.
In order to better understand the above-mentioned internet mobile application security control device, a detailed explanation will be given below with reference to specific embodiments.
In one embodiment, as shown in fig. 5, a security control system of a mobile internet application device is provided. It comprises a security control center 1, whose output is signal-connected to a big data information base 2, to a detection module, and to a security defense module 4. The detection module comprises a security prediction unit 301 and a continuous monitoring unit 302, and the security defense module 4 comprises an active defense unit 401 and a passive defense unit 402.
Specifically, the security prediction unit 301 provides malicious website early warning, APP early warning and illegal mobile phone number early warning. The security prediction unit 301 is networked with the big data information base 2 through the security control center 1, which ensures that the security prediction unit 301 updates its information on malicious websites, APPs and illegal mobile phone numbers in real time and uploads relevant information.
The malicious website early warning and the APP early warning use the full-channel mobile application library provided in the big data information base 2 to monitor all channels for hidden and counterfeit malicious websites and APPs. Pirated applications are accurately identified through deep static analysis, dynamic analysis, similarity analysis and the like, and an alarm is issued within 24 hours of a pirated application being discovered. The illegal mobile phone number early warning uses mobile phone number sources such as Internet of Things cards, external environment cards, virtual cards, group cards and leaked real-name cards to accurately identify illegal mobile phone numbers, avoiding dangerous situations such as bad account registration and illegal asset transfer, so that a risk can be captured and warned of as soon as it occurs.
Further, the continuous monitoring unit 302 provides installation package monitoring, permission monitoring, third-party component monitoring and virus monitoring. The continuous monitoring unit 302 operates through an APP installed on the mobile internet application device and is connected to the security control center 1 by a network signal. It checks the security and availability of the applications installed on the mobile internet application device to determine whether they can be trusted.
Installation package monitoring parses the application installation package information with analysis tools such as system uzip and apktool, and analyzes the syntax, structure, processes, interfaces and the like of the application's source code or binary files to find security vulnerabilities in the program code. It passes the installation package information on to permission monitoring, third-party component monitoring and virus monitoring. Permission monitoring judges through a security protocol whether the application's permissions are normal, avoiding information leakage from the mobile internet application device caused by abnormal permissions. Third-party component monitoring abstracts function call relations through static reverse extraction of the package name and class name information in the application installation package, and compares the extracted features with the SDK feature library in the big data information base to identify SDKs. Virus monitoring combines multi-feature detection in a local detection engine with local plug-in algorithm logic to identify and analyze mobile malicious code such as viruses, trojans and malicious advertisements at fine granularity and in depth, preventing viruses from invading the mobile internet application device.
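The package-name comparison described above can be sketched as follows. This is an added example, not code from the patent: it reads class names from the type table of each classes*.dex in an APK and matches them against a feature library on package boundaries. The SDK names, package prefixes and sample APK are constructed for illustration, and the call-relation features the text mentions are not covered.

```python
import io
import re
import struct
import zipfile

# Constructed SDK feature library: package prefix -> SDK name (hypothetical entries).
SDK_FEATURES = {
    "com.example.adsdk": "ExampleAds SDK",
    "com.example.pushsdk": "ExamplePush SDK",
}


def dex_class_names(dex: bytes) -> list[str]:
    """Return dotted class names from the type_ids table of one DEX file."""
    if len(dex) < 0x70 or dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    # Header fields (little-endian): string_ids size/offset at 0x38, type_ids at 0x40.
    s_size, s_off, t_size, t_off = struct.unpack_from("<4I", dex, 0x38)
    names = []
    for i in range(t_size):
        (s_idx,) = struct.unpack_from("<I", dex, t_off + 4 * i)
        if s_idx >= s_size:
            raise ValueError("type_id points outside string_ids")
        (off,) = struct.unpack_from("<I", dex, s_off + 4 * s_idx)
        while dex[off] & 0x80:  # skip the ULEB128 length prefix
            off += 1
        off += 1
        desc = dex[off:dex.index(b"\0", off)].decode("utf-8", "replace")
        if desc.startswith("L") and desc.endswith(";"):  # skip primitives and arrays
            names.append(desc[1:-1].replace("/", "."))
    return names


def identify_sdks(apk: bytes, features: dict[str, str] = SDK_FEATURES) -> dict[str, list[str]]:
    """Map SDK name -> sorted class names in the APK that fall under its package."""
    hits: dict[str, set[str]] = {}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        # Multidex APKs carry classes.dex, classes2.dex, ... at the archive root.
        for entry in (n for n in zf.namelist() if re.fullmatch(r"classes\d*\.dex", n)):
            for cls in dex_class_names(zf.read(entry)):
                # Match on a package boundary; the longest matching prefix wins.
                prefix = max((p for p in features if cls.startswith(p + ".")),
                             key=len, default=None)
                if prefix is not None:
                    hits.setdefault(features[prefix], set()).add(cls)
    return {sdk: sorted(classes) for sdk, classes in sorted(hits.items())}


def build_sample_dex(descriptors: list[str]) -> bytes:
    """Constructed input: header, string_ids, type_ids and string data only."""
    n = len(descriptors)
    s_off, t_off = 0x70, 0x70 + 4 * n
    pos = t_off + 4 * n
    offsets, blobs = [], []
    for d in descriptors:
        offsets.append(pos)
        blobs.append(bytes([len(d)]) + d.encode() + b"\0")  # 1-byte ULEB128 (len < 128)
        pos += len(blobs[-1])
    header = bytearray(0x70)
    header[:8] = b"dex\n035\0"
    struct.pack_into("<3I", header, 0x20, pos, 0x70, 0x12345678)  # size, header, endian
    struct.pack_into("<4I", header, 0x38, n, s_off, n, t_off)
    return bytes(header) + struct.pack(f"<{2 * n}I", *offsets, *range(n)) + b"".join(blobs)


def build_sample_apk() -> bytes:
    """Constructed two-DEX archive standing in for an application installation package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", build_sample_dex([
            "I", "[Ljava/lang/String;",
            "Lcom/shop/app/MainActivity;",
            "Lcom/example/adsdk/core/Loader;",
            "Lcom/example/adsdkplus/Main;",  # near miss: a different package
        ]))
        zf.writestr("classes2.dex", build_sample_dex([
            "Lcom/example/pushsdk/Receiver;",
            "Lcom/example/adsdk/ui/Banner;",
        ]))
    return buf.getvalue()


if __name__ == "__main__":
    for sdk, classes in identify_sdks(build_sample_apk()).items():
        print(sdk, classes)
```

Prefix matching of this kind stops working once an SDK's packages are renamed by an obfuscator, which is where features that do not depend on names become necessary.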
The active defense unit 401 comprises a code anti-reverse-engineering component and an anti-debugging and anti-injection component. The active defense unit 401 is connected by a network signal to the big data information base through the security control center 1, and downloads the corresponding anti-reverse-engineering component and anti-debugging and anti-injection component from the big data information base. The anti-reverse-engineering component encrypts the source code in the application installation package by means of source code encryption protection and source code obfuscation, so that the code implementing the core service cannot be reverse-analyzed by an attacker using reverse-engineering tools. The anti-debugging and anti-injection component uses Ptrace and other active checking mechanisms to prevent an attacker from performing memory debugging on the mobile application, protecting the mobile application at run time.
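The active checks attributed to the anti-debugging component, here and in the earlier description of the active defense control strategy, can be illustrated over Linux procfs text. This is an added example, not the patent's component: a nonzero TracerPid in /proc/self/status means a ptrace tracer is attached, and the scan of /proc/self/maps for executable mappings outside expected directories is an assumption about what the "other active checking mechanisms" might include. The allowed prefixes and sample text are constructed; a real component would perform these checks in native code inside the app.

```python
import re

# Assumption: directories from which executable code is expected to be mapped.
ALLOWED_EXEC_PREFIXES = ("/system/", "/apex/", "/vendor/", "/data/app/")


def tracer_pid(status_text: str) -> int:
    """PID of the attached ptrace tracer from /proc/<pid>/status text (0 = none)."""
    m = re.search(r"^TracerPid:[ \t]*(\d+)[ \t]*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("TracerPid field missing")
    return int(m.group(1))


def foreign_exec_mappings(maps_text: str, allowed=ALLOWED_EXEC_PREFIXES) -> list[str]:
    """File-backed executable mappings whose path is outside the allowed prefixes."""
    found = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)  # range perms offset dev inode [path]
        if len(parts) < 6:
            continue  # anonymous mapping, no path
        perms, path = parts[1], parts[5]
        if "x" in perms and path.startswith("/") and not path.startswith(allowed):
            found.add(path)
    return sorted(found)


def runtime_integrity_report(status_text: str, maps_text: str) -> dict:
    """Combine both checks; a missing TracerPid field counts as a finding."""
    try:
        tracer = tracer_pid(status_text)
    except ValueError:
        tracer = -1  # fail closed: the status text is incomplete or altered
    foreign = foreign_exec_mappings(maps_text)
    return {"tracer_pid": tracer, "foreign_exec": foreign,
            "at_risk": tracer != 0 or bool(foreign)}


def read_self() -> tuple[str, str]:
    """Read the live procfs text for the current process (Linux only)."""
    with open("/proc/self/status") as status, open("/proc/self/maps") as maps:
        return status.read(), maps.read()


# Constructed samples of procfs text.
CLEAN_STATUS = "Name:\tcom.shop.app\nState:\tS (sleeping)\nTracerPid:\t0\nUid:\t10123\n"
TRACED_STATUS = CLEAN_STATUS.replace("TracerPid:\t0", "TracerPid:\t4711")
CLEAN_MAPS = (
    "7f10000000-7f10200000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so\n"
    "7f20000000-7f20100000 r-xp 00000000 fd:05 5678 /data/app/com.shop.app-1/lib/arm64/libapp.so\n"
    "7f30000000-7f30001000 rw-p 00000000 00:00 0\n"
    "7f40000000-7f40001000 r-xp 00000000 00:00 0 [vdso]\n"
)
INJECTED_MAPS = CLEAN_MAPS + (
    "7f50000000-7f50080000 r-xp 00000000 fd:05 9999 /data/local/tmp/libhook.so\n"
)

if __name__ == "__main__":
    print(runtime_integrity_report(CLEAN_STATUS, CLEAN_MAPS))
    print(runtime_integrity_report(TRACED_STATUS, INJECTED_MAPS))
```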
The passive defense unit 402 provides a danger sensing function, a danger early warning function and a crash collection function. The passive defense unit 402 is connected to the security control center 1 by a network signal, and the security control center 1 judges attacks on the mobile internet application device and defends against them accordingly. The passive defense unit 402 and the continuous monitoring unit 302 share the same APP, so information monitored by the continuous monitoring unit 302 can be synchronized directly to the passive defense unit 402. The danger sensing function collects data on how applications are running on the mobile internet application device through the APP and uploads it to the security control center 1, so that the security control center 1 can accurately perceive, understand and predict the overall security situation and decide the next response. The danger early warning function issues danger warnings according to model rules set inside the security control center 1, with different responses adopted for different dangers. The crash collection function collects crash information in real time while an application program is running and collects the information distribution characteristics of the mobile internet application device, so that compatibility tests can be organized effectively and the application repaired promptly according to the crash information, ensuring the availability of the security control system.
When the security control system of the mobile internet application device is used, the APP shared by the passive defense unit 401 and the continuous monitoring unit 302 is first installed on the mobile internet application device, and networking is enabled to establish an information connection with the security control center 1.
The corresponding code anti-reverse-engineering component and anti-debugging and anti-injection component are downloaded from the big data information base 2 through the installation control center 1. When the mobile internet application device downloads an application or logs in to a website, the malicious website early warning and APP early warning query the information base provided in the big data information base 2 and compare against it to judge whether the website or APP is malicious. At the same time, the illegal mobile phone number early warning examines the mobile phone numbers provided in the application or website, avoiding dangerous situations such as bad account registration and illegal asset transfer.
When the mobile internet application device installs an application, the installation package monitoring in the continuous monitoring unit 302 parses the application installation package, analyzes the syntax, structure, processes, interfaces and the like of the application's source code or binary files to find security vulnerabilities in the program code, and passes the installation package information to permission monitoring, third-party component monitoring and virus monitoring.
When an application runs on the mobile internet application device, the danger sensing function collects data on the application's running conditions through the APP and uploads it to the security control center 1. The danger early warning function issues danger warnings according to the model rules set in the security control center 1, with different responses adopted for different dangers. The crash collection function collects crash information in real time while the application program is running and collects the information distribution characteristics of the mobile internet application device, so that compatibility tests are organized effectively and the application is repaired promptly according to the crash information.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 6. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer equipment is used for storing various risk detection data and attack element information data. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements an internet mobile application security control method.
It will be appreciated by those skilled in the art that the structure shown in fig. 6 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided. The computer device comprises a memory in which a computer program is stored and a processor which, when executing the computer program, carries out the steps of the method described above.
In one embodiment, a computer-readable storage medium is provided, having stored thereon a computer program which, when executed by a processor, performs the steps of the method described above.
In one embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method described above.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, etc., without being limited thereto.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be considered within the scope of this description.
The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims (10)

1. An internet mobile application security control method, the method comprising:
acquiring monitoring data related to mobile application in terminal equipment;
performing risk perception on the monitoring data related to the mobile application to obtain an application security risk result;
and formulating a security defense control strategy when the application security risk result indicates that the terminal equipment has an application security risk, wherein the security defense control strategy is used for timely early warning processing of the application security risk in the terminal equipment.
2. The method according to claim 1, wherein the acquiring of the monitoring data related to the mobile application in the terminal device comprises:
acquiring application download data in the process of downloading mobile application in the terminal equipment;
acquiring application installation data in the process of installing mobile application in the terminal equipment;
acquiring application operation data in an application operation process in the terminal equipment;
the mobile application related monitoring data includes at least one of the application download data, the application installation data, and the application running data.
3. The method according to claim 2, wherein, after acquiring the application download data in the process of downloading the mobile application in the terminal equipment, performing risk perception on the monitoring data related to the mobile application to obtain an application security risk result comprises:
comparing and inquiring the application download data with a risk application database to obtain an application download security risk result; the application security risk result comprises the application download security risk result.
4. The method according to claim 2, wherein, after acquiring the application installation data in the process of installing the mobile application in the terminal equipment, performing risk perception on the monitoring data related to the mobile application to obtain an application security risk result comprises:
analyzing the security vulnerability of the application installation data to obtain an application installation security risk result; the application security risk results include the application installation security risk results.
5. The method according to claim 2, wherein, after acquiring the application running data in the application running process in the terminal equipment, performing risk perception on the monitoring data related to the mobile application to obtain an application security risk result comprises:
analyzing the application operation data according to a preset rule model to obtain an application operation security risk result; the application security risk results include the application running security risk results.
6. The method according to any one of claims 1 to 5, wherein formulating a security defense control strategy when the application security risk result indicates that the terminal equipment has an application security risk comprises:
formulating an active defense control strategy and a passive defense control strategy when the application security risk result indicates that the terminal equipment has an application security risk.
7. An internet mobile application security control apparatus, the apparatus comprising:
the monitoring module is used for acquiring monitoring data related to mobile application in the terminal equipment;
the sensing module is used for performing risk sensing on the monitoring data related to the mobile application to obtain an application security risk result;
the defending module is used for formulating a security defense control strategy when the application security risk result indicates that the terminal equipment has an application security risk, wherein the security defense control strategy is used for timely early warning processing of the application security risk in the terminal equipment.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
CN202211702315.1A 2022-12-29 2022-12-29 Internet mobile application security control method and device and computer equipment Pending CN116170182A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211702315.1A CN116170182A (en) 2022-12-29 2022-12-29 Internet mobile application security control method and device and computer equipment

Publications (1)

Publication Number Publication Date
CN116170182A (en) 2023-05-26

Family

ID=86414091

Country Status (1)

Country Link
CN (1) CN116170182A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination