WO2012065381A1 - Method and apparatus for preventing malicious softwares from transmitting data - Google Patents

Method and apparatus for preventing malicious softwares from transmitting data Download PDF

Info

Publication number
WO2012065381A1
WO2012065381A1 PCT/CN2011/071428 CN2011071428W WO2012065381A1 WO 2012065381 A1 WO2012065381 A1 WO 2012065381A1 CN 2011071428 W CN2011071428 W CN 2011071428W WO 2012065381 A1 WO2012065381 A1 WO 2012065381A1
Authority
WO
WIPO (PCT)
Prior art keywords
process information
data
sent
request
intercepted
Prior art date
Application number
PCT/CN2011/071428
Other languages
French (fr)
Chinese (zh)
Inventor
马震宇
王冲
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012065381A1 publication Critical patent/WO2012065381A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware

Definitions

  • the present invention relates to mobile terminal technology, and more particularly to a method and apparatus for preventing malware from transmitting data. Background technique
  • malware behaviors there are many types of malware behaviors, one of which is to send text messages in the background, such as: using the SMS interface provided by the smart phone, ordering some consumer services, etc., or constantly sending out text messages, these operations will cause user calls.
  • the main object of the present invention is to provide a method and apparatus for preventing malware from transmitting data, which can prevent malware from transmitting data in the background and reduce cost loss.
  • the present invention provides a method for preventing malware from transmitting data, the method comprising: intercepting a data transmission request, and acquiring process information corresponding to the data transmission request; and acquiring the process information and process information in a preset list database Matching is performed, and according to the matching result, the intercepted data sending request is sent or discarded accordingly.
  • the sending or discarding the intercepted data sending request according to the matching result is:
  • the related information including the data content and the acquired process information is presented to the user.
  • the method further includes:
  • the corresponding processing is performed according to the received user's command, when: the received user's command is a command to agree to send, the intercepted data sending request is sent, and the acquired process is obtained. Information is added to the whitelisted process information;
  • the intercepted data transmission request is discarded, and the acquired process information is added to the blacklisted process information.
  • the method further includes: saving the transmission record to the record database. In the above solution, the method further includes: saving the discarded data transmission request to the record database.
  • the present invention also provides an apparatus for preventing malware from transmitting data, the apparatus comprising: a data intercepting module, a list judging module, and a processing module;
  • a data intercepting module configured to intercept a data sending request, obtain process information corresponding to the data sending request, and send the obtained process information to the list determining module;
  • the list judging module is configured to: after receiving the acquired process information sent by the data intercepting module, matching the obtained process information with the process information in the preset list database, and sending the matching result to the processing module;
  • the processing module is configured to: after receiving the matching result sent by the list judging module, perform corresponding sending or discarding processing on the intercepted data sending request according to the matching result.
  • the processing module is specifically configured to: when the acquired process information matches the process information in the whitelist, send the intercepted data sending request, when the acquired process information is black When the process information in the list matches, the intercepted data transmission request is discarded, and when the acquired process information cannot match the process information in the list database, the data content and the acquired process information are included. Relevant information is presented to the user.
  • the processing module is further configured to: after receiving the command sent by the user, send the intercepted data sending request, and add the acquired process information to the whitelist process information; or After receiving the command that the user does not agree to send, the intercepted data sending request is discarded, and the obtained process information is added to the blacklisted process information.
  • the device further includes: a recording module, configured to: after receiving the transmission record sent by the processing module, save the transmission record to the record database, or after receiving the discarded data transmission request sent by the processing module, The discarded data transmission request is also saved to the record database and marked as intercepted;
  • the processing module is further configured to send a record after sending the intercepted data sending request After being sent to the recording module, or discarding the intercepted data sending request, the discarded data sending request is sent to the recording module.
  • the invention provides a scheme for preventing malware from transmitting data, intercepts a data transmission request, and acquires corresponding process information, and matches the acquired process information with process information in a preset list database, and according to the matching result, the intercepted data.
  • Sending a request for corresponding sending or discarding processing can prevent malware from sending data in the background, thereby reducing cost loss and satisfying the user experience.
  • the transmission record can be saved to the record database, so that the user can query the transmission history to further improve the user experience.
  • FIG. 1 is a schematic flow chart of a method for preventing malware from transmitting data according to the present invention
  • FIG. 2 is a schematic flowchart of a method for preventing malware from sending a short message according to an embodiment
  • FIG. 3 is a schematic structural diagram of an apparatus for preventing malware from transmitting data according to the present invention. detailed description
  • the method for preventing malware from transmitting data includes the following steps: Step 101: intercepting a data sending request, and acquiring process information corresponding to the data sending request; where the data sending request may be a short message sending request , MMS send request or other data packet transmission request;
  • the intercepted short message sending request includes the short message content, the destination address of the short message, and the sending time;
  • the data intercepting module of the smart mobile terminal needs to be set under the short message interface of the smart mobile terminal to intercept each short message sending request;
  • the mobile terminal such as the short message interface of the smart phone
  • the process information of the short message interface calling the mobile phone is saved in the process of the smart phone, therefore, the process information that can be saved from the process of the smart phone after intercepting the short message sending request Obtaining process information corresponding to the short message sending request;
  • the intercepted data sending request is a MMS sending request
  • the intercepted MMS sending request includes the MMS content, the destination address of the MMS, and the sending time;
  • the intercepted data transmission request is a data packet transmission request
  • the intercepted data transmission request includes the destination URL of the data packet, the content of the data packet, and the sending time;
  • the corresponding interface of the smart phone needs to be called.
  • the process information of the corresponding interface of the mobile phone is saved in the process of the smart phone, so after intercepting the data transmission request, The process information corresponding to the data transmission request is obtained from the process information saved in the process of the smartphone.
  • Step 102 Match the obtained process information with the process information in the preset list database, and perform corresponding sending or discarding the intercepted data sending request according to the matching result;
  • the list database includes the process information of the whitelist and the process information of the blacklist.
  • the process information of the whitelist is: the process information of the data that can be sent out, and the process information of the blacklist is: Process information;
  • the intercepted data transmission request is sent, and when the acquired process information matches the process information in the blacklist, the device is discarded.
  • the intercepting data sending request when the acquired process information cannot match the process information in the list database, displaying relevant information including the data content and the acquired process information to the user;
  • the data content may be a short message content, a multimedia message content, or a data packet content;
  • the related information may further include a destination address of the short message or the multimedia message, a sending time or a destination URL of the data packet, a sending time, and the like; after displaying the related information including the data content and the acquired process information to the user, according to the received user
  • the command performs corresponding processing. Specifically, if the received user's command is a command to agree to send, the intercepted data sending request is sent, and if the received user's command is a disagreement with the sent command, the command is lost.
  • the intercepted data sending request is discarded; at this time, the acquired process information may be added to the list database, and specifically, if the data sending request is sent, the acquired process information is added. If the intercepted data transmission request is discarded, the obtained process information is added to the blacklisted process information.
  • the sending the intercepted data sending request is specifically:
  • the method may further include: saving the sending record to the record database, so that the user can query the sending history afterwards; further, the discarded data sending request may also be saved. Go to the record database and mark it as being intercepted; the send history record contains data content, corresponding process information, and the like.
  • the method for preventing malware from sending a short message in this embodiment includes the following steps:
  • Step 201 Block the short message sending request, and obtain the process information corresponding to the short message sending request.
  • the intercepted short message sending request includes the short message content, the destination address of the short message, and the sending time.
  • Step 202 Determine whether the acquired process information matches the process information in the preset list database, where the list database includes the whitelist process information and the blacklist process information. If the acquired process information matches the process information in the whitelist, perform the step
  • step 203a If the obtained process information matches the process information in the blacklist, step 203b is performed. If the acquired process information cannot match the process information in the list database, step 204 is performed.
  • Step 203a Send the intercepted short message sending request, and then perform step 207.
  • Step 203b Discard the intercepted short message sending request, and then perform step 208.
  • Step 204 Display the related information including the short message content and the obtained process information to the user, and after receiving the command to agree to send, perform step 205, and after receiving the command disagreeing to send, perform step 206;
  • the related information includes: a short message content, the acquired process information, a destination address of the short message, a sending time, and the like.
  • Step 205 Send the intercepted short message sending request, and add the acquired process information to the whitelisted process information, and then perform step 207.
  • Step 206 Discard the intercepted short message sending request, and add the acquired process information to the blacklisted process information, and then perform step 208.
  • Step 207 Save the transmission record to the record database, and then go to step 209.
  • Step 208 Save the discarded intercepted short message sending request to the record database, and mark it as being intercepted, and then perform step 209.
  • Step 209 End the current processing flow.
  • the present invention further provides an apparatus for preventing malware from transmitting data.
  • the apparatus includes: a data intercepting module 31, a list judging module 32, and a processing module 33;
  • the data intercepting module 31 is configured to intercept the data sending request, obtain the process information corresponding to the data sending request, and send the obtained process information to the list determining module 32;
  • the list determining module 32 is configured to receive the acquired process information sent by the data intercepting module 31, Matching the obtained process information with the process information in the preset list database, and sending the matching result to the processing module 33;
  • the processing module 33 is configured to: after receiving the matching result sent by the list determining module 32, perform corresponding sending or discarding processing on the intercepted data sending request according to the matching result.
  • the data intercepting module 31 is disposed under the short message interface of the smart mobile terminal to intercept each short message sending request.
  • the processing module 33 is specifically configured to:
  • the intercepted data transmission request is sent, and when the acquired process information matches the process information in the blacklist, the device is discarded.
  • the intercepted data sending request is displayed to the user when the acquired process information cannot match the process information in the list database, and the related information including the data content and the acquired process information is displayed.
  • the device may further include: a recording module, configured to: after receiving the transmission record sent by the processing module 33, save the transmission record to the record database;
  • the processing module 33 is further configured to: after sending the intercepted data transmission request, send the transmission record to the recording module.
  • the processing module 33 is further configured to: after discarding the intercepted data sending request, send the discarded data sending request to the recording module;
  • the recording module is further configured to: after receiving the discarded data transmission request sent by the processing module 33, save the discarded data transmission request to the record database, and mark it as being intercepted.
  • the processing module 33 is further configured to: after receiving the command sent by the user, send the intercepted data sending request, and add the acquired process information to the whitelist process information; After the command is sent, the intercepted data sending request is discarded, and the obtained process information is added to the blacklisted process information.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for preventing malicious softwares from transmitting data is disclosed. The method includes: intercepting a data transmission request and obtaining the process information corresponding to the data transmission request; matching the obtained process information with the process information preset in a list database; according to the matched result, correspondingly transmitting or discarding the intercepted data transmission request. An apparatus for preventing malicious softwares from transmitting data is also disclosed. With the method and the apparatus in the present invention, the malicious softwares are prevented from transmitting data in the background, and thereby the expense loss is reduced and the user experience is satisfied.

Description

一种防止恶意软件发送数据的方法及装置 技术领域  Method and device for preventing malware from transmitting data
本发明涉及移动终端技术, 特别是指一种防止恶意软件发送数据的方 法及装置。 背景技术  The present invention relates to mobile terminal technology, and more particularly to a method and apparatus for preventing malware from transmitting data. Background technique
随着科学技术的发展, 智能移动终端比如智能手机的使用人群逐渐平 民化, 智能手机已不再是商务人士的专爱, 其用户群规模迅猛扩展。 智能 手机的一个显著特点是能灵活安装应用软件, 随着用户群的不断扩大, 这 一特点也引起了一些恶意软件的关注, 以前只在计算机上才出现的恶意软 件已经开始在智能手机上出现。 由于手机牵涉到话费问题, 即: 存在经济 利益, 所以智能手机上的恶意软件与计算机上的相比危害更大。 一般, 恶 意软件会捆绑在某些比较热门的正常软件中, 利用正常软件诱导用户去下 载, 当用户下载了那些捆绑了恶意软件的软件包并安装后, 恶意软件就会 在后台偷偷运行。  With the development of science and technology, the use of intelligent mobile terminals such as smart phones has gradually become popular, and smart phones are no longer the favorite of business people, and their user base has expanded rapidly. A notable feature of smartphones is the flexibility to install application software. As the user base continues to expand, this feature has also attracted some attention from malware. Malware that only appeared on computers has begun to appear on smartphones. . Since the mobile phone involves a call charge problem, that is, there is an economic benefit, the malware on the smartphone is more harmful than the one on the computer. In general, malware is bundled in some of the more popular normal software, using normal software to induce users to download. When users download packages that are bundled with malware and install them, the malware will sneak in the background.
恶意软件的行为有很多种类型, 其中一种就是在后台发送短信, 比如: 利用智能手机提供的短信接口, 订购一些消费业务等, 或者, 不停地外发 短信, 这些操作都会造成用户话费的大量损失, 而且还不易被发觉, 只有 事后到运营商处仔细查询清单才能发现一些端倪, 经济损失一般比较难以 挽回。 因此, 如何及时发现、 最好能提前防范这类恶意软件的行为, 进而 防止话费损失, 就显得尤其重要, 已成为用户的迫切需求。  There are many types of malware behaviors, one of which is to send text messages in the background, such as: using the SMS interface provided by the smart phone, ordering some consumer services, etc., or constantly sending out text messages, these operations will cause user calls. A lot of losses, but also not easy to be detected, only after the operator to carefully check the list to find some clues, economic losses are generally more difficult to recover. Therefore, how to detect and prevent such malware in advance, and prevent the loss of telephone charges, is particularly important, and has become an urgent need of users.
目前, 还没有防止恶意软件发送短信的技术方案。 发明内容 Currently, there are no technical solutions to prevent malware from sending text messages. Summary of the invention
有鉴于此, 本发明的主要目的在于提供一种防止恶意软件发送数据的 方法及装置, 能阻止恶意软件在后台发送数据, 减少费用损失。  In view of this, the main object of the present invention is to provide a method and apparatus for preventing malware from transmitting data, which can prevent malware from transmitting data in the background and reduce cost loss.
为达到上述目的, 本发明的技术方案是这样实现的:  In order to achieve the above object, the technical solution of the present invention is achieved as follows:
本发明提供了一种防止恶意软件发送数据的方法, 该方法包括: 拦截数据发送请求, 并获取所述数据发送请求对应的进程信息; 将获取的进程信息与预先设置的名单数据库中的进程信息进行匹配, 根据匹配结果, 对拦截的数据发送请求进行相应的发送或丟弃处理。  The present invention provides a method for preventing malware from transmitting data, the method comprising: intercepting a data transmission request, and acquiring process information corresponding to the data transmission request; and acquiring the process information and process information in a preset list database Matching is performed, and according to the matching result, the intercepted data sending request is sent or discarded accordingly.
上述方案中, 所述根据匹配结果, 对拦截的数据发送请求进行相应的 发送或丟弃处理, 为:  In the foregoing solution, the sending or discarding the intercepted data sending request according to the matching result is:
当所述获取的进程信息与白名单中的进程信息相匹配时, 则发送所述 拦截的数据发送请求;  And when the acquired process information matches the process information in the whitelist, sending the intercepted data sending request;
当所述获取的进程信息与黑名单中的进程信息相匹配时, 则丟弃所述 拦截的数据发送请求;  When the acquired process information matches the process information in the blacklist, the intercepted data transmission request is discarded;
当所述获取的进程信息与名单数据库中的进程信息不能匹配时, 将包 含数据内容及所述获取的进程信息的相关信息展示给用户。  When the acquired process information cannot match the process information in the list database, the related information including the data content and the acquired process information is presented to the user.
上述方案中, 该方法进一步包括:  In the above solution, the method further includes:
将包含数据内容及所述获取的进程信息的相关信息展示给用户后, 根 据收到的用户的命令作出相应的处理。  After the related information including the data content and the acquired process information is presented to the user, corresponding processing is performed according to the received user's command.
上述方案中, 所述根据收到的用户的命令作出相应的处理, 为: 收到的用户的命令为同意发送的命令时, 则发送所述拦截的数据发送 请求, 并将所述获取的进程信息添加到白名单的进程信息中;  In the above solution, the corresponding processing is performed according to the received user's command, when: the received user's command is a command to agree to send, the intercepted data sending request is sent, and the acquired process is obtained. Information is added to the whitelisted process information;
收到的用户的命令为不同意发送的命令时, 则丟弃所述拦截的数据发 送请求, 并将所述获取的进程信息添加到黑名单的进程信息中。  When the received user's command is a disagreement with the sent command, the intercepted data transmission request is discarded, and the acquired process information is added to the blacklisted process information.
上述方案中, 该方法进一步包括: 将发送记录保存到记录数据库中。 上述方案中, 该方法进一步包括: 将已丟弃的数据发送请求保存到记 录数据库中。 In the above solution, the method further includes: saving the transmission record to the record database. In the above solution, the method further includes: saving the discarded data transmission request to the record database.
本发明还提供了一种防止恶意软件发送数据的装置, 该装置包括: 数 据拦截模块、 名单判断模块、 及处理模块; 其中,  The present invention also provides an apparatus for preventing malware from transmitting data, the apparatus comprising: a data intercepting module, a list judging module, and a processing module;
数据拦截模块, 用于拦截数据发送请求, 获取所述数据发送请求对应 的进程信息, 并将获取的进程信息发送给名单判断模块;  a data intercepting module, configured to intercept a data sending request, obtain process information corresponding to the data sending request, and send the obtained process information to the list determining module;
名单判断模块, 用于收到数据拦截模块发送的获取的进程信息后, 将 获取的进程信息与预先设置的名单数据库中的进程信息进行匹配, 并将匹 配结果发送给处理模块;  The list judging module is configured to: after receiving the acquired process information sent by the data intercepting module, matching the obtained process information with the process information in the preset list database, and sending the matching result to the processing module;
处理模块, 用于收到名单判断模块发送的匹配结果后, 根据匹配结果, 对拦截的数据发送请求进行相应的发送或丟弃处理。  The processing module is configured to: after receiving the matching result sent by the list judging module, perform corresponding sending or discarding processing on the intercepted data sending request according to the matching result.
上述方案中, 所述处理模块, 具体用于: 当所述获取的进程信息与白 名单中的进程信息相匹配时, 则发送所述拦截的数据发送请求, 当所述获 取的进程信息与黑名单中的进程信息相匹配时, 则丟弃所述拦截的数据发 送请求, 当所述获取的进程信息与名单数据库中的进程信息不能匹配时, 将包含数据内容及所述获取的进程信息的相关信息展示给用户。  In the foregoing solution, the processing module is specifically configured to: when the acquired process information matches the process information in the whitelist, send the intercepted data sending request, when the acquired process information is black When the process information in the list matches, the intercepted data transmission request is discarded, and when the acquired process information cannot match the process information in the list database, the data content and the acquired process information are included. Relevant information is presented to the user.
上述方案中, 所述处理模块, 还用于收到用户的同意发送的命令后, 发送所述拦截的数据发送请求, 并将所述获取的进程信息添加到白名单的 进程信息中; 或者, 收到用户的不同意发送的命令后, 丟弃所述拦截的数 据发送请求, 并将所述获取的进程信息添加到黑名单的进程信息中。  In the above solution, the processing module is further configured to: after receiving the command sent by the user, send the intercepted data sending request, and add the acquired process information to the whitelist process information; or After receiving the command that the user does not agree to send, the intercepted data sending request is discarded, and the obtained process information is added to the blacklisted process information.
上述方案中, 该装置进一步包括: 记录模块, 用于收到处理模块发送 的发送记录后, 将发送记录保存到记录数据库中, 或者, 收到处理模块发 送的已丟弃的数据发送请求后, 将已丟弃的数据发送请求也保存到记录数 据库中, 并标记成被拦截;  In the above solution, the device further includes: a recording module, configured to: after receiving the transmission record sent by the processing module, save the transmission record to the record database, or after receiving the discarded data transmission request sent by the processing module, The discarded data transmission request is also saved to the record database and marked as intercepted;
所述处理模块, 还用于发送所述拦截的数据发送请求后, 将发送记录 发送给记录模块, 或者, 丟弃所述拦截的数据发送请求后, 将已丟弃的数 据发送请求发送给记录模块。 The processing module is further configured to send a record after sending the intercepted data sending request After being sent to the recording module, or discarding the intercepted data sending request, the discarded data sending request is sent to the recording module.
本发明提供的防止恶意软件发送数据的方案, 拦截数据发送请求, 并 获取对应的进程信息, 将获取的进程信息与预先设置的名单数据库中的进 程信息进行匹配, 根据匹配结果, 对拦截的数据发送请求进行相应的发送 或丟弃处理, 如此, 能阻止恶意软件在后台发送数据, 进而能减少费用损 失, 满足用户体验。  The invention provides a scheme for preventing malware from transmitting data, intercepts a data transmission request, and acquires corresponding process information, and matches the acquired process information with process information in a preset list database, and according to the matching result, the intercepted data. Sending a request for corresponding sending or discarding processing can prevent malware from sending data in the background, thereby reducing cost loss and satisfying the user experience.
另外, 可以将发送记录保存到记录数据库中, 如此, 能方便用户查询 发送历史记录, 进一步提升用户体验。 附图说明  In addition, the transmission record can be saved to the record database, so that the user can query the transmission history to further improve the user experience. DRAWINGS
图 1为本发明防止恶意软件发送数据的方法流程示意图;  1 is a schematic flow chart of a method for preventing malware from transmitting data according to the present invention;
图 2为实施例防止恶意软件发送短信的方法流程示意图;  2 is a schematic flowchart of a method for preventing malware from sending a short message according to an embodiment;
图 3为本发明防止恶意软件发送数据的装置结构示意图。 具体实施方式  FIG. 3 is a schematic structural diagram of an apparatus for preventing malware from transmitting data according to the present invention. detailed description
下面结合附图及具体实施例对本发明再作进一步详细的说明。  The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.
本发明防止恶意软件发送数据的方法, 如图 1所示, 包括以下步骤: 步骤 101 : 拦截数据发送请求, 并获取数据发送请求对应的进程信息; 这里, 所述数据发送请求可以是短信发送请求、 彩信发送请求或其它 数据包发送请求;  The method for preventing malware from transmitting data, as shown in FIG. 1 , includes the following steps: Step 101: intercepting a data sending request, and acquiring process information corresponding to the data sending request; where the data sending request may be a short message sending request , MMS send request or other data packet transmission request;
如果拦截的数据发送请求为短信发送请求时, 拦截的短信发送请求包 含短信内容、 短信的目的地址、 及发送时间等;  If the intercepted data sending request is a short message sending request, the intercepted short message sending request includes the short message content, the destination address of the short message, and the sending time;
在实际使用时, 需要将智能移动终端的数据拦截模块设置于智能移动 终端的短信接口的下面, 拦截每个短信发送请求;  In actual use, the data intercepting module of the smart mobile terminal needs to be set under the short message interface of the smart mobile terminal to intercept each short message sending request;
应用软件如恶意软件或正常的短信软件发送短信时, 需要调用智能移 动终端如智能手机的短信接口, 此时, 在智能手机的进程中会保存有调用 手机的短信接口的进程信息, 因此, 在拦截短信发送请求后, 可以从智能 手机的进程中保存的进程信息中获得短信发送请求对应的进程信息; When an application software such as malware or normal SMS software sends a text message, it needs to call smart shift. The mobile terminal, such as the short message interface of the smart phone, at this time, the process information of the short message interface calling the mobile phone is saved in the process of the smart phone, therefore, the process information that can be saved from the process of the smart phone after intercepting the short message sending request Obtaining process information corresponding to the short message sending request;
如果拦截的数据发送请求为彩信发送请求时, 拦截的彩信发送请求包 含彩信内容、 彩信的目的地址、 及发送时间等;  If the intercepted data sending request is a MMS sending request, the intercepted MMS sending request includes the MMS content, the destination address of the MMS, and the sending time;
如果拦截的数据发送请求为数据包发送请求时, 拦截的数据发送请求 包含数据包的目的网址、 数据包内容、 及发送时间等;  If the intercepted data transmission request is a data packet transmission request, the intercepted data transmission request includes the destination URL of the data packet, the content of the data packet, and the sending time;
同样的, 在发送彩信或数据包时, 需要调用智能手机相应的接口, 此 时, 在智能手机的进程中会保存有调用手机相应的接口的进程信息, 因此, 在拦截数据发送请求后, 可以从智能手机的进程中保存的进程信息中获得 数据发送请求对应的进程信息。  Similarly, when sending a multimedia message or a data packet, the corresponding interface of the smart phone needs to be called. At this time, the process information of the corresponding interface of the mobile phone is saved in the process of the smart phone, so after intercepting the data transmission request, The process information corresponding to the data transmission request is obtained from the process information saved in the process of the smartphone.
步骤 102:将获取的进程信息与预先设置的名单数据库中的进程信息进 行匹配, 根据匹配结果, 对拦截的数据发送请求进行相应的发送或丟弃处 理;  Step 102: Match the obtained process information with the process information in the preset list database, and perform corresponding sending or discarding the intercepted data sending request according to the matching result;
这里, 所述名单数据库包含白名单的进程信息及黑名单的进程信息; 其中, 白名单的进程信息为: 能向外发送数据的进程信息, 黑名单的进程 信息为: 不能向外发送数据的进程信息;  Here, the list database includes the process information of the whitelist and the process information of the blacklist. The process information of the whitelist is: the process information of the data that can be sent out, and the process information of the blacklist is: Process information;
所述根据匹配结果, 对拦截的数据发送请求进行相应的发送或丟弃处 理, 具体为:  And performing, according to the matching result, the sending or discarding the intercepted data sending request, specifically:
当所述获取的进程信息与白名单中的进程信息相匹配时, 则发送所述 拦截的数据发送请求, 当所述获取的进程信息与黑名单中的进程信息相匹 配时, 则丟弃所述拦截的数据发送请求, 当所述获取的进程信息与名单数 据库中的进程信息不能匹配时, 将包含数据内容及所述获取的进程信息的 相关信息展示给用户;  When the obtained process information matches the process information in the whitelist, the intercepted data transmission request is sent, and when the acquired process information matches the process information in the blacklist, the device is discarded. The intercepting data sending request, when the acquired process information cannot match the process information in the list database, displaying relevant information including the data content and the acquired process information to the user;
其中, 所述数据内容可以是短信内容、 彩信内容或数据包内容; 所述 相关信息还可以包括短信或彩信的目的地址、 发送时间或数据包的目的网 址、 发送时间等; 将包含数据内容及所述获取的进程信息的相关信息展示 给用户后, 根据收到的用户的命令作出相应的处理, 具体地, 如果收到的 用户的命令为同意发送的命令时, 则发送所述拦截的数据发送请求, 如果 收到的用户的命令为不同意发送的命令时, 则丟弃所述拦截的数据发送请 求; 此时, 进一步地, 可以将所述获取的进程信息添加到名单数据库中, 具体地, 如果发送了所述数据发送请求, 则将所述获取的进程信息添加到 白名单的进程信息中, 如果丟弃了所述拦截的数据发送请求, 则将所述获 取的进程信息添加到黑名单的进程信息中; The data content may be a short message content, a multimedia message content, or a data packet content; The related information may further include a destination address of the short message or the multimedia message, a sending time or a destination URL of the data packet, a sending time, and the like; after displaying the related information including the data content and the acquired process information to the user, according to the received user The command performs corresponding processing. Specifically, if the received user's command is a command to agree to send, the intercepted data sending request is sent, and if the received user's command is a disagreement with the sent command, the command is lost. The intercepted data sending request is discarded; at this time, the acquired process information may be added to the list database, and specifically, if the data sending request is sent, the acquired process information is added. If the intercepted data transmission request is discarded, the obtained process information is added to the blacklisted process information.
当所述拦截的数据发送请求为短信发送请求时, 所述发送所述拦截的 数据发送请求, 具体为:  When the intercepted data sending request is a short message sending request, the sending the intercepted data sending request is specifically:
调用移动终端的短信模块, 由短信模块发送短信; 其中, 短信模块发 送短信的具体处理流程与现有的处理流程完全相同;  Calling the short message module of the mobile terminal, and sending the short message by the short message module; wherein the specific processing flow of sending the short message by the short message module is exactly the same as the existing processing flow;
在发送所述拦截的数据发送请求后, 该方法可以进一步包括: 将发送记录保存到记录数据库中, 以便事后用户可以查询发送历史记 录; 进一步地, 还可以将已丟弃的数据发送请求也保存到记录数据库中, 并标记成被拦截; 所述发送历史记录包含数据内容、 对应的进程信息等内 容。  After the intercepting the data sending request, the method may further include: saving the sending record to the record database, so that the user can query the sending history afterwards; further, the discarded data sending request may also be saved. Go to the record database and mark it as being intercepted; the send history record contains data content, corresponding process information, and the like.
下面以短信为例, 本实施例防止恶意软件发送短信的方法, 如图 2所 示, 包括以下步骤:  The following takes the short message as an example. The method for preventing malware from sending a short message in this embodiment, as shown in FIG. 2, includes the following steps:
步骤 201 : 拦截短信发送请求, 并获取短信发送请求对应的进程信息; 这里, 所述拦截的短信发送请求包含短信内容、 短信的目的地址、 及 发送时间等。  Step 201: Block the short message sending request, and obtain the process information corresponding to the short message sending request. Here, the intercepted short message sending request includes the short message content, the destination address of the short message, and the sending time.
步骤 202:判断获取的进程信息与预先设置的名单数据库中的进程信息 是否能匹配, 所述名单数据库包含白名单的进程信息及黑名单的进程信息, 如果所述获取的进程信息与白名单中的进程信息相匹配时, 则执行步骤Step 202: Determine whether the acquired process information matches the process information in the preset list database, where the list database includes the whitelist process information and the blacklist process information. If the acquired process information matches the process information in the whitelist, perform the step
203a, 如果所述获取的进程信息与黑名单中的进程信息相匹配时, 则执行 步骤 203b, 如果所述获取的进程信息与名单数据库中的进程信息不能匹配 时, 则执行步骤 204。 203a. If the obtained process information matches the process information in the blacklist, step 203b is performed. If the acquired process information cannot match the process information in the list database, step 204 is performed.
步骤 203a: 发送所述拦截的短信发送请求, 之后执行步骤 207。  Step 203a: Send the intercepted short message sending request, and then perform step 207.
步骤 203b: 丟弃所述拦截的短信发送请求, 之后执行步骤 208。  Step 203b: Discard the intercepted short message sending request, and then perform step 208.
步骤 204:将包含短信内容及所述获取的进程信息的相关信息展示给用 户, 并在收到同意发送的命令后, 执行步骤 205 , 在收到不同意发送的命令 后, 执行步骤 206;  Step 204: Display the related information including the short message content and the obtained process information to the user, and after receiving the command to agree to send, perform step 205, and after receiving the command disagreeing to send, perform step 206;
这里, 所述相关信息包括: 短信内容、 所述获取的进程信息、 短信的 目的地址、 发送时间等。  Here, the related information includes: a short message content, the acquired process information, a destination address of the short message, a sending time, and the like.
步骤 205: 发送所述拦截的短信发送请求, 并将所述获取的进程信息添 加到白名单的进程信息中, 之后执行步骤 207。  Step 205: Send the intercepted short message sending request, and add the acquired process information to the whitelisted process information, and then perform step 207.
步骤 206: 丟弃所述拦截的短信发送请求, 并将所述获取的进程信息添 加到黑名单的进程信息中, 之后执行步骤 208。  Step 206: Discard the intercepted short message sending request, and add the acquired process information to the blacklisted process information, and then perform step 208.
步骤 207: 将发送记录保存到记录数据库中, 之后执行步骤 209。  Step 207: Save the transmission record to the record database, and then go to step 209.
步骤 208: 将已丟弃的所述拦截的短信发送请求保存到记录数据库中, 并标记成被拦截, 之后执行步骤 209。  Step 208: Save the discarded intercepted short message sending request to the record database, and mark it as being intercepted, and then perform step 209.
步骤 209: 结束当前处理流程。  Step 209: End the current processing flow.
为实现上述方法, 本发明还提供了一种防止恶意软件发送数据的装置, 如图 3所述, 该装置包括: 数据拦截模块 31、 名单判断模块 32、 及处理模 块 33; 其中,  In order to implement the above method, the present invention further provides an apparatus for preventing malware from transmitting data. As shown in FIG. 3, the apparatus includes: a data intercepting module 31, a list judging module 32, and a processing module 33;
数据拦截模块 31 , 用于拦截数据发送请求, 获取数据发送请求对应的 进程信息, 并将获取的进程信息发送给名单判断模块 32;  The data intercepting module 31 is configured to intercept the data sending request, obtain the process information corresponding to the data sending request, and send the obtained process information to the list determining module 32;
名单判断模块 32 ,用于收到数据拦截模块 31发送的获取的进程信息后, 将获取的进程信息与预先设置的名单数据库中的进程信息进行匹配, 并将 匹配结果发送给处理模块 33 ; The list determining module 32 is configured to receive the acquired process information sent by the data intercepting module 31, Matching the obtained process information with the process information in the preset list database, and sending the matching result to the processing module 33;
处理模块 33, 用于收到名单判断模块 32发送的匹配结果后, 根据匹配 结果, 对拦截的数据发送请求进行相应的发送或丟弃处理。  The processing module 33 is configured to: after receiving the matching result sent by the list determining module 32, perform corresponding sending or discarding processing on the intercepted data sending request according to the matching result.
其中, 如果用于拦截短信时, 数据拦截模块 31设置于智能移动终端的 短信接口的下面, 拦截每个短信发送请求。  The data intercepting module 31 is disposed under the short message interface of the smart mobile terminal to intercept each short message sending request.
所述处理模块 33 , 具体用于:  The processing module 33 is specifically configured to:
当所述获取的进程信息与白名单中的进程信息相匹配时, 则发送所述 拦截的数据发送请求, 当所述获取的进程信息与黑名单中的进程信息相匹 配时, 则丟弃所述拦截的数据发送请求, 当所述获取的进程信息与名单数 据库中的进程信息不能匹配时, 将包含数据内容及所述获取的进程信息的 相关信息展示给用户。  When the obtained process information matches the process information in the whitelist, the intercepted data transmission request is sent, and when the acquired process information matches the process information in the blacklist, the device is discarded. The intercepted data sending request is displayed to the user when the acquired process information cannot match the process information in the list database, and the related information including the data content and the acquired process information is displayed.
该装置还可以进一步包括: 记录模块, 用于收到处理模块 33发送的发 送记录后, 将发送记录保存到记录数据库中;  The device may further include: a recording module, configured to: after receiving the transmission record sent by the processing module 33, save the transmission record to the record database;
所述处理模块 33 , 还用于发送所述拦截的数据发送请求后, 将发送记 录发送给记录模块。  The processing module 33 is further configured to: after sending the intercepted data transmission request, send the transmission record to the recording module.
所述处理模块 33 , 还用于丟弃所述拦截的数据发送请求后, 将已丟弃 的数据发送请求发送给记录模块;  The processing module 33 is further configured to: after discarding the intercepted data sending request, send the discarded data sending request to the recording module;
记录模块, 还用于收到处理模块 33发送的已丟弃的数据发送请求后, 将已丟弃的数据发送请求也保存到记录数据库中, 并标记成被拦截。  The recording module is further configured to: after receiving the discarded data transmission request sent by the processing module 33, save the discarded data transmission request to the record database, and mark it as being intercepted.
所述处理模块 33 , 还用于收到用户的同意发送的命令后, 发送所述拦 截的数据发送请求, 并将所述获取的进程信息添加到白名单的进程信息中; 收到用户的不同意发送的命令后, 丟弃所述拦截的数据发送请求, 并将所 述获取的进程信息添加到黑名单的进程信息中。  The processing module 33 is further configured to: after receiving the command sent by the user, send the intercepted data sending request, and add the acquired process information to the whitelist process information; After the command is sent, the intercepted data sending request is discarded, and the obtained process information is added to the blacklisted process information.
以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围, 凡在本发明的精神和原则之内所作的任何修改、 等同替换和改进 等, 均应包含在本发明的保护范围之内。 The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. All modifications, equivalent substitutions and improvements made within the spirit and scope of the invention are intended to be included within the scope of the invention.

Claims

权利要求书 Claim
1、 一种防止恶意软件发送数据的方法, 其特征在于, 该方法包括: 拦截数据发送请求, 并获取所述数据发送请求对应的进程信息; 将获取的进程信息与预先设置的名单数据库中的进程信息进行匹配, 根据匹配结果, 对拦截的数据发送请求进行相应的发送或丟弃处理。  A method for preventing malware from transmitting data, the method comprising: intercepting a data transmission request, and acquiring process information corresponding to the data transmission request; and acquiring the process information and a preset list database The process information is matched, and according to the matching result, the intercepted data transmission request is sent or discarded accordingly.
2、 根据权利要求 1所述的方法, 其特征在于, 所述根据匹配结果, 对 拦截的数据发送请求进行相应的发送或丟弃处理, 为:  The method according to claim 1, wherein the method for transmitting or discarding the intercepted data transmission request according to the matching result is:
当所述获取的进程信息与白名单中的进程信息相匹配时, 则发送所述 拦截的数据发送请求;  And when the acquired process information matches the process information in the whitelist, sending the intercepted data sending request;
当所述获取的进程信息与黑名单中的进程信息相匹配时, 则丟弃所述 拦截的数据发送请求;  When the acquired process information matches the process information in the blacklist, the intercepted data transmission request is discarded;
当所述获取的进程信息与名单数据库中的进程信息不能匹配时, 将包 含数据内容及所述获取的进程信息的相关信息展示给用户。  When the acquired process information cannot match the process information in the list database, the related information including the data content and the acquired process information is presented to the user.
3、 根据权利要求 2所述的方法, 其特征在于, 该方法进一步包括: 将包含数据内容及所述获取的进程信息的相关信息展示给用户后, 根 据收到的用户的命令作出相应的处理。  The method according to claim 2, wherein the method further comprises: displaying related information including the data content and the acquired process information to the user, and performing corresponding processing according to the received user command. .
4、 根据权利要求 3所述的方法, 其特征在于, 所述根据收到的用户的 命令作出相应的处理, 为:  The method according to claim 3, wherein the processing according to the received user's command is:
收到的用户的命令为同意发送的命令时, 则发送所述拦截的数据发送 请求, 并将所述获取的进程信息添加到白名单的进程信息中;  When the received user's command is a command to be sent, the intercepted data sending request is sent, and the obtained process information is added to the whitelisted process information;
收到的用户的命令为不同意发送的命令时, 则丟弃所述拦截的数据发 送请求, 并将所述获取的进程信息添加到黑名单的进程信息中。  When the received user's command is a disagreement with the sent command, the intercepted data transmission request is discarded, and the acquired process information is added to the blacklisted process information.
5、 根据权利要求 1至 4任一项所述的方法, 其特征在于, 该方法进一 步包括:  The method according to any one of claims 1 to 4, characterized in that the method further comprises:
将发送记录保存到记录数据库中。 Save the send record to the record database.
6、 根据权利要求 1至 4任一项所述的方法, 其特征在于, 该方法进一 步包括: The method according to any one of claims 1 to 4, characterized in that the method further comprises:
将已丟弃的数据发送请求保存到记录数据库中。  Save the dropped data send request to the record database.
7、 一种防止恶意软件发送数据的装置, 其特征在于, 该装置包括: 数 据拦截模块、 名单判断模块、 及处理模块; 其中,  A device for preventing malware from transmitting data, the device comprising: a data intercepting module, a list judging module, and a processing module;
数据拦截模块, 用于拦截数据发送请求, 获取所述数据发送请求对应 的进程信息, 并将获取的进程信息发送给名单判断模块;  a data intercepting module, configured to intercept a data sending request, obtain process information corresponding to the data sending request, and send the obtained process information to the list determining module;
名单判断模块, 用于收到数据拦截模块发送的获取的进程信息后, 将 获取的进程信息与预先设置的名单数据库中的进程信息进行匹配, 并将匹 配结果发送给处理模块;  The list judging module is configured to: after receiving the acquired process information sent by the data intercepting module, matching the obtained process information with the process information in the preset list database, and sending the matching result to the processing module;
处理模块, 用于收到名单判断模块发送的匹配结果后, 根据匹配结果, 对拦截的数据发送请求进行相应的发送或丟弃处理。  The processing module is configured to: after receiving the matching result sent by the list judging module, perform corresponding sending or discarding processing on the intercepted data sending request according to the matching result.
8、 根据权利要求 7所述的装置, 其特征在于, 所述处理模块, 具体用 于:  The device according to claim 7, wherein the processing module is specifically configured to:
当所述获取的进程信息与白名单中的进程信息相匹配时, 则发送所述 拦截的数据发送请求, 当所述获取的进程信息与黑名单中的进程信息相匹 配时, 则丟弃所述拦截的数据发送请求, 当所述获取的进程信息与名单数 据库中的进程信息不能匹配时, 将包含数据内容及所述获取的进程信息的 相关信息展示给用户。  When the obtained process information matches the process information in the whitelist, the intercepted data transmission request is sent, and when the acquired process information matches the process information in the blacklist, the device is discarded. The intercepted data sending request is displayed to the user when the acquired process information cannot match the process information in the list database, and the related information including the data content and the acquired process information is displayed.
9、 根据权利要求 8所述的装置, 其特征在于, 所述处理模块, 还用于 收到用户的同意发送的命令后, 发送所述拦截的数据发送请求, 并将所述 获取的进程信息添加到白名单的进程信息中; 或者, 收到用户的不同意发 送的命令后, 丟弃所述拦截的数据发送请求, 并将所述获取的进程信息添 加到黑名单的进程信息中。  The device according to claim 8, wherein the processing module is further configured to: after receiving a command sent by the user, send the intercepted data sending request, and send the acquired process information Adding to the whitelisted process information; or, after receiving the command that the user does not agree to send, discarding the intercepted data sending request, and adding the obtained process information to the blacklisted process information.
10、 根据权利要求 7至 9任一项所述的装置, 其特征在于, 该装置进 一步包括: 记录模块, 用于收到处理模块发送的发送记录后, 将发送记录 保存到记录数据库中, 或者, 收到处理模块发送的已丟弃的数据发送请求 后, 将已丟弃的数据发送请求也保存到记录数据库中, 并标记成被拦截; 所述处理模块, 还用于发送所述拦截的数据发送请求后, 将发送记录 发送给记录模块, 或者, 丟弃所述拦截的数据发送请求后, 将已丟弃的数 据发送请求发送给记录模块。 10. Apparatus according to any one of claims 7 to 9, wherein the apparatus The step includes: a recording module, configured to: after receiving the sending record sent by the processing module, save the sending record to the record database, or after receiving the discarded data sending request sent by the processing module, the discarded data The sending request is also saved in the record database and marked as being intercepted; the processing module is further configured to send the sent data to the recording module after sending the intercepted data sending request, or discard the intercepted data After the request is sent, the discarded data transmission request is sent to the recording module.
PCT/CN2011/071428 2010-11-15 2011-03-01 Method and apparatus for preventing malicious softwares from transmitting data WO2012065381A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010546405.7 2010-11-15
CN201010546405.7A CN101984692B (en) 2010-11-15 2010-11-15 A kind of method and device for preventing Malware from sending data

Publications (1)

Publication Number Publication Date
WO2012065381A1 true WO2012065381A1 (en) 2012-05-24

Family

ID=43641862

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/071428 WO2012065381A1 (en) 2010-11-15 2011-03-01 Method and apparatus for preventing malicious softwares from transmitting data

Country Status (2)

Country Link
CN (1) CN101984692B (en)
WO (1) WO2012065381A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103874036A (en) * 2012-12-13 2014-06-18 李卓桓 Mobile phone message authentication method and apparatus

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102209326B (en) * 2011-05-20 2013-09-11 北京中研瑞丰信息技术研究所(有限合伙) Malicious behavior detection method and system based on smartphone radio interface layer
CN102547713A (en) * 2011-12-21 2012-07-04 成都三零瑞通移动通信有限公司 Anti-activating method aiming at X undercover software
CN103220658A (en) * 2012-01-19 2013-07-24 中国移动通信集团广东有限公司 Fee deduction preventing method and method, device and system of fee deduction preventing detection
CN103218552B (en) * 2012-01-19 2016-01-20 华为终端有限公司 Based on method for managing security and the device of user behavior
CN102629909B (en) * 2012-03-30 2015-09-16 北京奇虎科技有限公司 Based on flow statistical method and the system of process
CN102769703A (en) * 2012-07-17 2012-11-07 青岛海信移动通信技术股份有限公司 Mobile phone terminal and firewall monitoring method
CN103354540B (en) * 2012-12-21 2016-05-18 北京安天电子设备有限公司 A kind of malicious code detecting method of Android system and device
CN103067923A (en) * 2013-01-18 2013-04-24 浙江长天信息技术有限公司 Secret short message detecting and alarming method
CN104066090B (en) * 2013-03-21 2018-12-14 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN103412793A (en) * 2013-07-29 2013-11-27 北京奇虎科技有限公司 Method, device and system for optimizing system resources
CN104331406A (en) * 2013-12-20 2015-02-04 乐视网信息技术(北京)股份有限公司 Database capacity control method and database capacity control device
CN104125546B (en) * 2014-04-03 2018-05-04 上海粱江通信系统股份有限公司 Short message subscribing service type concentrate tube prosecutor method and system
CN104270763A (en) * 2014-10-27 2015-01-07 中国建设银行股份有限公司 Message protection method and system
CN104639749B (en) * 2015-02-04 2018-01-23 广东欧珀移动通信有限公司 Short message sending control method and device
CN106068014A (en) * 2016-06-20 2016-11-02 广东欧珀移动通信有限公司 Note monitor method and device
CN106446675A (en) * 2016-08-30 2017-02-22 维沃移动通信有限公司 Short message processing method and mobile terminal
CN108229151A (en) * 2016-12-09 2018-06-29 武汉安天信息技术有限责任公司 A kind of anti-short message applied to mobile terminal kidnaps method and device
CN106650447A (en) * 2016-12-28 2017-05-10 北京安天电子设备有限公司 Method and system for preventing PowerShell malicious code execution
CN106778276B (en) * 2016-12-29 2020-06-19 北京安天网络安全技术有限公司 Method and system for detecting malicious codes of entity-free files
CN107592314A (en) * 2017-09-20 2018-01-16 郑州云海信息技术有限公司 A kind of order line authority control method and device
CN112084502B (en) * 2020-09-18 2024-06-21 珠海豹趣科技有限公司 Software identification method and device, electronic equipment and storage medium
CN112615961A (en) * 2020-12-25 2021-04-06 珠海格力电器股份有限公司 Method and device for processing short message sending request

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1889423A (en) * 2006-07-25 2007-01-03 华为技术有限公司 Method for filtering short message and mobile terminal
WO2010010060A2 (en) * 2008-07-21 2010-01-28 F-Secure Oyj Telephony fraud prevention
CN101771686A (en) * 2009-12-31 2010-07-07 卓望数码技术(深圳)有限公司 Communication method and network adapter
CN102088679A (en) * 2009-12-08 2011-06-08 北京网秦天下科技有限公司 Working method and system of intelligent short message firewall of self-learning mobile terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100589609C (en) * 2007-09-30 2010-02-10 中兴通讯股份有限公司 Method of implementing handset multimedia message firewall
US7640589B1 (en) * 2009-06-19 2009-12-29 Kaspersky Lab, Zao Detection and minimization of false positives in anti-malware processing

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1889423A (en) * 2006-07-25 2007-01-03 华为技术有限公司 Method for filtering short message and mobile terminal
WO2010010060A2 (en) * 2008-07-21 2010-01-28 F-Secure Oyj Telephony fraud prevention
CN102088679A (en) * 2009-12-08 2011-06-08 北京网秦天下科技有限公司 Working method and system of intelligent short message firewall of self-learning mobile terminal
CN101771686A (en) * 2009-12-31 2010-07-07 卓望数码技术(深圳)有限公司 Communication method and network adapter

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LI XIAOLI: "Analysis of Mobile Virus and Research of Countermeasures", CHINESE DOCTORAL DISSERTATIONS & MASTER'S THESES FULL-TEXT DATABASE (MASTER) INFORMATION SCIENCE AND TECHNOLOGY., no. 5, 15 May 2006 (2006-05-15), pages 44 - 61 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103874036A (en) * 2012-12-13 2014-06-18 李卓桓 Mobile phone message authentication method and apparatus

Also Published As

Publication number Publication date
CN101984692A (en) 2011-03-09
CN101984692B (en) 2017-07-28

Similar Documents

Publication Publication Date Title
WO2012065381A1 (en) Method and apparatus for preventing malicious softwares from transmitting data
US10171645B2 (en) Information transmitting method, device and system, and storage medium
EP2143287B1 (en) Short message service enhancement techniques for added communication options
CN104349288B (en) Message transmission method and device
US10298738B2 (en) Multimedia messaging service communication using a two way push connection
WO2016000636A1 (en) Communications processing method and system
CN104935744A (en) Verification code display method, verification code display device and mobile terminal
US10069872B2 (en) Architecture to establish serverless WebRTC connections
WO2011057530A1 (en) Method and apparatus for processing message contents automatically
CN104333643B (en) Add the method for contact person, system and terminal
WO2013189363A2 (en) Method for sending/receiving information by both parties in call state and mobile terminal
CN104113620A (en) Contact list updating method, updating device and user terminal
CN104243680A (en) Information processing method and electronic devices
CN105450867A (en) Communication method and device based on picture information
WO2007118422A1 (en) Method and apparatus for preventing virus from invading mobile terminal
JP2004178294A (en) Mobile terminal displaying related e-mail, method of displaying e-mail, and program
CN105516933A (en) Message processing method, message processing device, mobile terminal and server
US20220368667A1 (en) Method and apparatus for forwarding content between different application programs
US9137743B2 (en) Method and mobile device for automatically choosing communication network
CN103338315A (en) Information processing method and device
WO2017080151A1 (en) Method and device for prompting unbrowsed information in mobile terminal
CN103391237A (en) Method and device for showing microblog messages
KR101942338B1 (en) Apparatus and method for transmitting intergrated message
US20130122943A1 (en) Establishing a communication event
WO2020044085A1 (en) File processing method and apparatus in near field transmission

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11841411

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11841411

Country of ref document: EP

Kind code of ref document: A1