CN106302531A - Safety protection method and device and terminal equipment - Google Patents

Publication number: CN106302531A
Authority: CN (China)
Prior art keywords: application, address, malicious, packet, data packet
Legal status: Granted
Application number: CN201610873954.2A
Other languages: Chinese (zh)
Other versions: CN106302531B (en)
Inventor: 李伟
Current Assignee: Beijing Kingsoft Internet Security Software Co Ltd
Original Assignee: Beijing Kingsoft Internet Security Software Co Ltd

Application filed by Beijing Kingsoft Internet Security Software Co Ltd
Priority to CN201610873954.2A
Publication of CN106302531A
Application granted
Publication of CN106302531B
Expired - Fee Related (legal status, current)

Abstract

The present application proposes a security protection method, apparatus and terminal device. The method includes: obtaining the data packets with which each application on the terminal device accesses the network; determining whether the destination server address contained in a data packet is in a preset address library, where the preset address library includes the addresses of malicious servers; and if so, determining that the application that sent the data packet carries a malicious program. With the security protection method, apparatus and terminal device provided by this application, malicious applications are detected and removed according to the destination server addresses that applications access, which provides real-time and effective protection against constantly updated malicious applications, reduces the time needed to detect and remove malicious applications, and raises the security level of the terminal device.

Description

Security protection method, apparatus and terminal device

Technical Field

The present application relates to the field of communication technologies, and in particular to a security protection method, apparatus and terminal device.

Background

With the rapid spread of terminals, the accompanying security problems have become increasingly prominent, especially those introduced by the wide variety of applications that can run on mobile terminals. At present, security detection of unknown mobile applications relies mainly on traditional static detection techniques, for example signature matching.

Signature matching builds a rich signature library by extracting feature strings from a large number of previously accumulated samples. On that basis, an unknown mobile application is parsed and its features are matched through security policy settings and a scoring mechanism, to determine whether the unknown mobile application is malicious.

However, with the current approach to detecting and removing malicious applications, it is difficult to update the signature library in time when malicious applications are updated. Newly emerging malicious applications therefore cannot be defended against in real time and effectively, which increases the risk of damage to the user's terminal device.

Summary of the Invention

The present application aims to solve, at least to some extent, one of the technical problems in the related art.

To this end, the first object of the present application is to propose a security protection method that detects and removes malicious applications according to the destination server addresses that applications access, which provides real-time and effective protection against constantly updated malicious applications, reduces the time needed to detect and remove malicious applications, and raises the security level of the terminal device.

The second object of the present application is to propose a security protection apparatus.

The third object of the present application is to propose a terminal device.

To achieve the above objects, an embodiment of the first aspect of the present application proposes a security protection method, including: obtaining the data packets with which each application on the terminal device accesses the network; determining whether the destination server address contained in the data packet is in a preset address library, where the preset address library includes the addresses of malicious servers; and if so, determining that the application that sent the data packet carries a malicious program.

In one possible implementation of the first aspect, obtaining the data packets with which each application on the terminal device accesses the network includes:

obtaining the data packets with which each application on the terminal device accesses the network by monitoring the network interface of the virtual network card in the terminal device.

In another possible implementation of the first aspect, after determining that the application that sent the data packet carries a malicious program, the method further includes:

asking the user, through a prompt window, whether to uninstall the application that sent the data packet.

In yet another possible implementation of the first aspect, after determining that the application that sent the data packet carries a malicious program, the method further includes:

intercepting or dropping all data packets corresponding to the application that sent the data packet.

In yet another possible implementation of the first aspect, after determining whether the destination server address contained in the data packet is in the preset address library, the method further includes:

if not, determining whether the message digest corresponding to the data packet matches a signature in a preset signature library;

if so, determining that the application that sent the data packet carries a malicious program.

In a further possible implementation of the first aspect, after determining that the application that sent the data packet carries a malicious program, the method further includes:

adding the destination server address included in the data packet to the preset address library.

The security protection method provided by the embodiments of the present application first obtains the data packets with which each application on the terminal device accesses the network, then determines whether the destination server address contained in a data packet is in the preset address library, and if it is, determines that the application that sent the data packet carries a malicious program. Malicious applications are thus detected and removed according to the destination server addresses that applications access, which provides real-time and effective protection against constantly updated malicious applications, reduces the time needed to detect and remove malicious applications, and raises the security level of the terminal device.

To achieve the above objects, an embodiment of the second aspect of the present application proposes a security protection apparatus, including: an obtaining module, configured to obtain the data packets with which each application on the terminal device accesses the network; a first judging module, configured to determine whether the destination server address contained in the data packet is in a preset address library, where the preset address library includes the addresses of malicious servers; and a determining module, configured to determine, if the destination address is in the preset address library, that the application that sent the data packet carries a malicious program.

In one possible implementation of the second aspect, the obtaining module is specifically configured to:

obtain the data packets with which each application on the terminal device accesses the network by monitoring the network interface of the virtual network card in the terminal device.

In another possible implementation of the second aspect, the security protection apparatus further includes: a prompt module, configured to ask the user, through a prompt window, whether to uninstall the application that sent the data packet.

In yet another possible implementation of the second aspect, the security protection apparatus further includes: an interception module, configured to intercept or drop all data packets corresponding to the application that sent the data packet.

In yet another possible implementation of the second aspect, the security protection apparatus further includes: a second judging module, configured to determine, if the destination address contained in the data packet is not in the preset address library, whether the message digest corresponding to the data packet matches a signature in a preset signature library; the determining module is further configured to determine, if the message digest corresponding to the data packet matches a signature in the preset signature library, that the application that sent the data packet carries a malicious program.

In a further possible implementation of the second aspect, the security protection apparatus further includes: an adding module, configured to add the destination server address included in the data packet to the preset address library.

The security protection apparatus provided by the embodiments of the present application first obtains the data packets with which each application on the terminal device accesses the network, then determines whether the destination server address contained in a data packet is in the preset address library, and if it is, determines that the application that sent the data packet carries a malicious program. Malicious applications are thus detected and removed according to the destination server addresses that applications access, which provides real-time and effective protection against constantly updated malicious applications, reduces the time needed to detect and remove malicious applications, and raises the security level of the terminal device.

To achieve the above objects, an embodiment of the third aspect of the present application proposes a terminal device, including: a processor; and a memory for storing a program executed by the processor; where the processor is configured to perform the following method: obtaining the data packets with which each application on the terminal device accesses the network; determining whether the destination server address contained in the data packet is in a preset address library, where the preset address library includes the addresses of malicious servers; and if so, determining that the application that sent the data packet carries a malicious program.

The terminal device provided by the embodiments of the present application first obtains the data packets with which each application on the terminal device accesses the network, then determines whether the destination server address contained in a data packet is in the preset address library, and if it is, determines that the application that sent the data packet carries a malicious program. Malicious applications are thus detected and removed according to the destination server addresses that applications access, which provides real-time and effective protection against constantly updated malicious applications, reduces the time needed to detect and remove malicious applications, and raises the security level of the terminal device.

Brief Description of the Drawings

The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments in conjunction with the accompanying drawings, in which:

Fig. 1 is a flowchart of a security protection method according to one embodiment of the present application;

Fig. 2 is a flowchart of a security protection method according to another embodiment of the present application;

Fig. 3 is a structural diagram of a security protection apparatus according to one embodiment of the present application;

Fig. 4 is a structural diagram of a security protection apparatus according to another embodiment of the present application;

Fig. 5 is a structural diagram of a terminal device according to one embodiment of the present application.

Detailed Description

Embodiments of the present application are described in detail below. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote the same or similar elements, or elements having the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary; they are intended to explain the present application and should not be construed as limiting it.

The present application mainly addresses the following problem in the prior art: when malicious applications are detected and removed by signature matching, the signature library cannot be updated in step with updates to the malicious applications, so a malicious application remains on the user's terminal device for some time and damages it. The application proposes a method of detecting and removing malicious applications according to malicious server addresses. Since one malicious server corresponds to multiple malicious applications, that is, the number of malicious applications is far smaller than the number of malicious servers, multiple malicious applications can be detected in time from a single malicious server address, and then removed.

The security protection method of the embodiments of the present application is described below with reference to the drawings.

Fig. 1 is a flowchart of a security protection method according to one embodiment of the present application.

As shown in Fig. 1, the security protection method includes:

S101: obtain the data packets with which each application on the terminal device accesses the network.

Specifically, the security protection method provided by this embodiment is executed by the security protection apparatus provided by the embodiments of the present application. The apparatus can be configured in any terminal device that has an operating system and on which applications can be installed.

The type of terminal device can be chosen as needed; for example, it may be a mobile phone, a computer, or a smart wearable device.

In a specific implementation, the security protection apparatus can obtain the packets with which the terminal device accesses the network by monitoring the network interface of the terminal device, or it can capture those packets by installing on the terminal device an application for monitoring network traffic, such as Fiddler.

In one possible implementation of this embodiment, for a terminal device running the Android operating system, the system supports configuring a VPN service, and one important function of the VPN service is to act as an "application proxy server". Once a VPN connection is established on the terminal device, all packets sent from the terminal device are forwarded to the network interface of the virtual network card. In the embodiments of the present application, the network packets sent by all applications on the terminal device can therefore also be obtained by reading the data on this interface. That is, in one possible implementation of the present application, S101 includes:

obtaining the data packets with which each application on the terminal accesses the network by monitoring the network interface of the virtual network card in the terminal device.

S102: determine whether the destination server address contained in the data packet is in a preset address library, where the preset address library includes the addresses of malicious servers.

S103: if so, determine that the application that sent the data packet carries a malicious program.

An address library containing the known malicious server addresses can be preset in the security protection apparatus in advance. The address library may be preset by the user, or it may be generated by the security protection apparatus after analysing a large number of malicious applications; this embodiment does not limit this.

Specifically, a data packet with which an application accesses the network includes the address of the destination server the application wants to access, the access request data, and so on. After obtaining such a packet, the security protection apparatus reads the destination server address from it and determines whether that address is in the preset address library. If it is, the apparatus can determine that the application carries a malicious program, such as a malicious plug-in, and can then act on the application, for example by intercepting or dropping all data packets corresponding to the application that sent the packet, so that the malicious server cannot damage the terminal device through the application.

It can be understood that the number of malicious server addresses is far smaller than the number of malicious applications, and malicious server addresses are updated far more slowly than malicious applications. Matching the destination server address against the malicious server addresses in the address library is much faster than matching the signature of a data packet against a large number of signatures. The method provided by this embodiment can therefore detect, remove and defend against malicious applications in a timely and effective manner, which reduces the time needed to detect and remove malicious applications and raises the security level of the terminal device.

The security protection method provided by the embodiments of the present application first obtains the data packets with which each application on the terminal device accesses the network, then determines whether the destination server address contained in a data packet is in the preset address library, and if it is, determines that the application that sent the data packet carries a malicious program. Malicious applications are thus detected and removed according to the destination server addresses that applications access, which provides real-time and effective protection against constantly updated malicious applications, reduces the time needed to detect and remove malicious applications, and raises the security level of the terminal device.

The above analysis shows that constantly updated malicious applications can be detected and removed in real time and effectively by monitoring and filtering, according to malicious server addresses, the data packets with which applications access the network. However, in one possible scenario, if a new malicious server address appears and the security protection apparatus fails to update the malicious server addresses in the address library in time, a malicious application may still survive on the terminal device for some time. The security protection method provided by the present application for this situation is further described below with reference to Fig. 2.

Fig. 2 is a flowchart of a security protection method according to another embodiment of the present application.

As shown in Fig. 2, the security protection method includes:

S201: obtain the data packets with which each application on the terminal device accesses the network by monitoring the network interface of the virtual network card in the terminal device.

S202: determine whether the destination server address contained in the data packet is in the preset address library; if so, execute S203; otherwise, execute S204.

S203: determine that the application that sent the data packet carries a malicious program.

For S201-S203, refer to the detailed description of S101-S103 in the above embodiment; it is not repeated here.

S204: determine whether the message digest corresponding to the data packet matches a signature in the preset signature library; if so, execute S203; otherwise, execute S205.

S205: send the data packet to the destination server.

Specifically, in this embodiment, when the destination server address in a data packet is not enough to determine whether the application that sent the packet is malicious, the packet can be analysed with traditional signature matching.

The message digest corresponding to a data packet can be determined with various message digest algorithms, for example Message-Digest Algorithm 5 (MD5), MD4, MD3, and so on. That is, the whole data packet is treated as one large piece of text, and the irreversible string transformation of the algorithm produces the unique MD5 message digest of that packet.

In a specific implementation, a signature library containing the MD5 message digests corresponding to all malicious data packets can be preset in the security protection apparatus in advance, where each signature in the library corresponds to the message digest of one kind of malicious data packet. After determining the message digest of the currently obtained data packet, the security protection apparatus matches it against the signatures in the preset signature library one by one to determine whether the application that sent the packet carries a malicious program. If it matches, the apparatus determines that the application that sent the packet carries a malicious program; otherwise the packet is sent to the destination server.

Usually, malicious applications developed by different malicious-application developers have the same purpose or damage terminal devices in the same way. In this embodiment, therefore, when the malicious server addresses are not enough to determine whether a data packet belongs to a malicious application, the packet can be judged a second time according to its message digest, to finally determine whether it was sent by a malicious application.

Further, after it is determined from the message digest of the data packet that the application that sent the packet carries a malicious program, the destination server address in the packet can also be added to the preset address library. That is, after S204 determines that the message digest corresponding to the data packet matches a signature in the preset signature library, the method further includes:

S206: add the destination server address included in the data packet to the preset address library.

It should also be noted that after determining that the application that sent the data packet carries a malicious program, the security protection apparatus can intercept and parse all data packets sent or received by that application, so as to update and improve the signature library or the malicious server library according to the other data packets the application sends or receives.

Further, after it is determined that the application that sent the data packet carries a malicious program, the application can be acted on, for example by intercepting the data packets it receives or sends, or by uninstalling it.

That is, after S203, the method may further include:

S207: ask the user, through a prompt window, whether to uninstall the application that sent the data packet.

It can be understood that, after determining that the application that sent the data packet carries a malicious program, the security protection apparatus may uninstall the application directly. Alternatively, it may first notify the user, for example with a pop-up, that the application is accessing a malicious server, and ask through the prompt window whether the user wants to uninstall the application; if the user confirms, the application is then uninstalled.

The security protection method provided by this embodiment first obtains the data packets with which each application on the terminal device accesses the network by listening on the network interface of the virtual network card in the terminal device, and then determines whether the destination server address contained in a data packet is in the preset address library. If it is not, the method determines whether the message digest corresponding to the packet matches a signature in the preset signature library; if it matches, the method determines that the application that sent the packet carries a malicious program and updates the preset address library with the destination server address contained in the packet. By checking each data packet twice, against the destination server address it contains and against its message digest, the method not only provides real-time and effective protection against constantly updated malicious applications, reduces the time needed to detect and remove malicious applications, and raises the security level of the terminal device, but also improves the reliability of detecting and removing malicious programs.
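The decision flow of Fig. 2 (S201-S206), which contains the Fig. 1 flow (S101-S103) as its first branch, as an added Python example that is not part of the patent text. It assumes the caller already knows which application sent each raw IPv4 packet (the hypothetical `app_id` argument); the names `PacketFilter`, `inspect` and `make_packet` and all addresses and payloads are constructed for illustration.

```python
"""Added example: address-library check with MD5 signature fallback (Fig. 2)."""
import hashlib
import ipaddress
import struct
from dataclasses import dataclass, field

ALLOW, BLOCK = "forward", "drop"


def parse_ipv4_destination(packet: bytes) -> str:
    """Return the destination address of a raw IPv4 packet, e.g. one read from
    the virtual network interface. Raises ValueError for anything else."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, header_len = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a well-formed IPv4 packet")
    return str(ipaddress.IPv4Address(packet[16:20]))


@dataclass
class PacketFilter:
    address_library: set = field(default_factory=set)    # malicious server addresses
    signature_library: set = field(default_factory=set)  # MD5 hex digests of malicious packets
    flagged_apps: set = field(default_factory=set)        # apps judged to carry a malicious program

    def _flag(self, app_id: str) -> str:
        self.flagged_apps.add(app_id)                      # S203
        return BLOCK

    def inspect(self, app_id: str, packet: bytes) -> str:
        """Return BLOCK or ALLOW for one outgoing packet of application app_id."""
        if app_id in self.flagged_apps:
            return BLOCK              # all packets of a flagged app are dropped
        dst = parse_ipv4_destination(packet)               # S201: packet from the interface
        if dst in self.address_library:                    # S202: address check
            return self._flag(app_id)
        digest = hashlib.md5(packet).hexdigest()           # S204: digest of the whole packet
        if digest in self.signature_library:
            self.address_library.add(dst)                  # S206: learn the new server address
            return self._flag(app_id)
        return ALLOW                                       # S205: forward to the destination


def make_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (protocol 17, checksum left at 0) as sample input."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


def demo():
    """Run five constructed packets through the filter; return (filter, verdicts)."""
    known_bad = make_packet("10.0.0.2", "198.51.100.9", b"beacon-v1")
    flt = PacketFilter(address_library={"203.0.113.7"},
                       signature_library={hashlib.md5(known_bad).hexdigest()})
    traffic = [
        ("app.clean", make_packet("10.0.0.2", "192.0.2.10", b"GET /")),       # no match
        ("app.a", make_packet("10.0.0.2", "203.0.113.7", b"hello")),          # address match
        ("app.b", known_bad),                                                 # digest match
        ("app.c", make_packet("10.0.0.2", "198.51.100.9", b"beacon-v2")),     # learned address
        ("app.a", make_packet("10.0.0.2", "192.0.2.10", b"GET /")),           # app already flagged
    ]
    return flt, [flt.inspect(app, pkt) for app, pkt in traffic]


if __name__ == "__main__":
    flt, verdicts = demo()
    print(verdicts, sorted(flt.address_library), sorted(flt.flagged_apps))
```

Because the digest covers the whole packet, header fields such as the source address and identification are part of the input, so the signature branch only fires on byte-identical packets; the fourth packet is caught by the address learned in S206, not by its digest.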

To implement the security protection method provided in the foregoing embodiments, an embodiment of the present application further provides a security protection device.

Fig. 3 is a schematic structural diagram of a security protection device according to an embodiment of the present application.

As shown in Fig. 3, the security protection device 30 includes:

an acquisition module 31, configured to acquire the data packets with which each application in the terminal device accesses the network;

a first judging module 32, configured to judge whether the destination server address contained in the data packet is in a preset address library, wherein the preset address library includes addresses of malicious servers;

a determination module 33, configured to determine that the application sending the data packet carries a malicious program if the destination address is in the preset address library.

The security protection device 30 provided in this embodiment can be configured in any terminal device that runs an operating system and on which applications can be installed, and is used to execute the security protection method shown in Fig. 1.

Specifically, the acquisition module 31 may obtain the data packets with which each application in the terminal device accesses the network in various ways, for example by monitoring the network interface of the terminal device, or by means of software with a data packet interception function.

In one possible implementation of the present application, the acquisition module 31 is specifically configured to:

obtain the data packets with which each application in the terminal device accesses the network by monitoring the network interface of the virtual network card in the terminal device.

It should be noted that the above description of the embodiment of the security protection method shown in Fig. 1 also applies to the security protection device provided in this embodiment, and is not repeated here.

The security protection device provided in this embodiment of the present application first obtains the data packets with which each application in the terminal device accesses the network, and then judges whether the destination server address contained in a data packet is in the preset address library; if it is, the device determines that the application sending the data packet carries a malicious program. By detecting and removing malicious applications according to the destination server address that an application accesses, the device provides real-time and effective protection against constantly updated malicious applications, shortens the time needed to detect and remove malicious applications, and raises the security level of the terminal device.

Fig. 4 is a schematic structural diagram of a security protection device according to another embodiment of the present application.

As shown in Fig. 4, on the basis of Fig. 3, the security protection device 30 further includes:

a prompt module 41, configured to ask the user, through a prompt window, whether to uninstall the application sending the data packet.

Specifically, after determining that the application sending the data packet carries a malicious program, the security protection device 30 can prompt and guide the user to uninstall the application. Before the application is uninstalled, in order to prevent the malicious program from damaging the terminal or stealing user information stored in the terminal, the data packets sent or received by the application can first be intercepted; that is, the security protection device 30 further includes:

an interception module 42, configured to intercept or drop all data packets corresponding to the application sending the data packet.

In one possible implementation of this embodiment, if the destination address contained in the data packet is not in the preset address library, whether the application sending the data packet carries a malicious program can also be judged according to the information digest of the data packet; that is, the device 30 further includes:

a second judging module 43, configured to judge, if the destination address contained in the data packet is not in the preset address library, whether the information digest corresponding to the data packet matches a signature in the preset signature library;

correspondingly, the determination module 33 is further configured to determine that the application sending the data packet carries a malicious program if the information digest corresponding to the data packet matches a signature in the preset signature library.

Further, after it is determined from the information digest of the data packet that the application sending the data packet carries a malicious program, the preset address library can also be updated; that is, the device 30 further includes:

an adding module 44, configured to add the destination server address contained in the data packet to the preset address library.

It should be noted that the above description of the embodiment of the security protection method shown in Fig. 2 also applies to the security protection device provided in this embodiment, and is not repeated here.

The security protection device provided in this embodiment first obtains the data packets with which each application in the terminal device accesses the network by monitoring the network interface of the virtual network card in the terminal device. It then judges whether the destination server address contained in a data packet is in the preset address library; if it is not, the device further judges whether the information digest corresponding to the data packet matches a signature in the preset signature library; if it matches, the device determines that the application sending the data packet carries a malicious program, and updates the preset address library according to the destination server address contained in the data packet. Checking the data packet twice, against the destination server address it contains and against its information digest, not only provides real-time and effective protection against constantly updated malicious applications, shortens the time needed to detect and remove malicious applications, and raises the security level of the terminal device, but also improves the reliability of detecting and removing malicious programs.
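The two-stage check summarized above for both the method and the device (address library first, then the packet's information digest, then the address-library update and per-application dropping), as an added Python example that is not code from the patent. It assumes raw IPv4 packets and SHA-256 over the payload as the "information digest"; the names `Guard`, `inspect`, `parse_ipv4`, the verdict strings and the application identifiers are hypothetical, and the sample packets are constructed.

```python
import hashlib
import ipaddress
import struct


def parse_ipv4(packet: bytes):
    """Return (destination address, payload) of a raw IPv4 packet, or None if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        return None
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return dst, packet[ihl:total_len]


class Guard:
    """Address library, signature library and the set of flagged applications."""

    def __init__(self, address_library, signature_library):
        self.address_library = set(address_library)      # malicious server addresses
        self.signature_library = set(signature_library)  # hex digests (assumed SHA-256)
        self.blocked_apps = set()

    def inspect(self, app_id: str, packet: bytes) -> str:
        # Interception step: every packet of an already flagged application is dropped.
        if app_id in self.blocked_apps:
            return "blocked-app"
        parsed = parse_ipv4(packet)
        if parsed is None:
            return "unparsed"            # not IPv4 or truncated; caller decides the policy
        dst, payload = parsed
        # First check: destination server address against the preset address library.
        if dst in self.address_library:
            self.blocked_apps.add(app_id)
            return "malicious-address"
        # Second check: digest of the payload against the preset signature library.
        # Assumption: the digest covers the payload only, so it does not depend on
        # the destination address carried in the header.
        digest = hashlib.sha256(payload).hexdigest()
        if digest in self.signature_library:
            self.address_library.add(dst)   # adding step: learn the new server address
            self.blocked_apps.add(app_id)
            return "malicious-signature"
        return "clean"


def build_ipv4(dst: str, payload: bytes) -> bytes:
    """Constructed sample input: minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address("10.0.0.2").packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def demo():
    """Run constructed traffic (documentation-range addresses) through the guard."""
    beacon = b"POST /collect id=constructed-sample"
    guard = Guard(address_library={"203.0.113.7"},
                  signature_library={hashlib.sha256(beacon).hexdigest()})
    events = [
        ("app.weather", build_ipv4("192.0.2.10", b"GET /forecast")),
        ("app.flashlight", build_ipv4("203.0.113.7", b"hello")),
        ("app.game", build_ipv4("198.51.100.9", beacon)),       # unknown address, known digest
        ("app.game", build_ipv4("192.0.2.10", b"GET /scores")),  # app already flagged
        ("app.notes", build_ipv4("198.51.100.9", b"sync")),      # address learned above
    ]
    return guard, [guard.inspect(app, pkt) for app, pkt in events]


if __name__ == "__main__":
    for verdict in demo()[1]:
        print(verdict)
```

An exact digest only matches byte-identical payloads, so the addresses learned from earlier digest hits carry most of the later detections. Traffic reported as `unparsed` (IPv6, truncated packets) needs its own policy decision.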

Fig. 5 is a schematic structural diagram of a terminal device provided by an embodiment of the present application.

As shown in Fig. 5, the terminal device 5 includes:

a processor 51;

and a memory 52 for storing the program executed by the processor 51;

wherein the processor 51 is configured to perform the following method:

obtaining the data packets with which each application in the terminal device accesses the network;

judging whether the destination server address contained in the data packet is in a preset address library, wherein the preset address library includes addresses of malicious servers;

if so, determining that the application sending the data packet carries a malicious program.

Specifically, the processor 51 may generally include one or more modules that facilitate interaction between the processing component 51 and other components. For example, the processing component 51 may include a communication module to facilitate interaction with the memory 52 and to fetch programs from the memory 52.

The memory 52 is configured to store various types of data to support operations in the terminal device 5. Examples of such data include instructions of any application or method configured to operate on the terminal device 5. The memory 52 can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disk.

It can be understood that the terminal device 5 further includes a power supply component 53, which supplies power to the various components of the terminal device 5. The power supply component 53 may include a power management system, one or more power supplies, and other components associated with generating, managing and distributing power for the terminal device 5.

In addition, the terminal device 5 may also include a multimedia component 54, such as a touch display screen that provides an output interface between the terminal device 5 and the user. In some embodiments, the touch display screen may include a liquid crystal display (LCD) and a touch panel (TP). The touch panel includes one or more touch sensors to sense touches, swipes and gestures on the touch panel. The touch sensors may sense not only the boundary of a touch or swipe action, but also the duration and pressure associated with the touch or swipe operation.

Further, the terminal device 5 may also include an input/output (I/O) interface 55, which provides an interface between the processor 51 and peripheral interface modules; the peripheral interface modules may be a keyboard, buttons and the like.

The terminal device 5 further includes a communication component 56, configured to facilitate wired or wireless communication between the terminal device 5 and other devices. The terminal device 5 can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 56 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel.

In an exemplary embodiment, the terminal device 5 may be implemented by one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field-programmable gate arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic components, configured to perform the above message processing method.

It should be noted that the foregoing explanation of the embodiments of the security protection method also applies to the terminal device of this embodiment; the implementation principle is similar and is not repeated here.

The terminal device provided in this embodiment of the present application first obtains the data packets with which each application in the terminal device accesses the network, and then judges whether the destination server address contained in a data packet is in the preset address library; if it is, the terminal device determines that the application sending the data packet carries a malicious program. By detecting and removing malicious applications according to the destination server address that an application accesses, the terminal device provides real-time and effective protection against constantly updated malicious applications, shortens the time needed to detect and remove malicious applications, and raises the security level of the terminal device.

In the description of this specification, a description that refers to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present application. In this specification, such references to the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, provided they do not contradict each other, those skilled in the art may combine the different embodiments or examples described in this specification, and the features of those different embodiments or examples.

In addition, the terms "first" and "second" are used for descriptive purposes only, and are not to be understood as indicating or implying relative importance or as implicitly specifying the number of the technical features indicated. A feature qualified by "first" or "second" may therefore explicitly or implicitly include at least one such feature. In the description of the present application, "a plurality of" means at least two, for example two or three, unless specifically defined otherwise.

Any process or method description in a flowchart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing a specific logical function or a step of the process. The scope of the preferred embodiments of the present application includes additional implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present application belong.

Those of ordinary skill in the art can understand that all or some of the steps of the methods of the above embodiments can be carried out by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination of them.

The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disk or the like. Although embodiments of the present application have been shown and described above, it can be understood that the above embodiments are exemplary and are not to be construed as limiting the present application; those of ordinary skill in the art can make changes, modifications, substitutions and variations to the above embodiments within the scope of the present application.

Claims (10)

CN201610873954.2A | 2016-09-30 | 2016-09-30 | Safety protection method, device and terminal equipment | Expired - Fee Related | CN106302531B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201610873954.2A, CN106302531B (en) | 2016-09-30 | 2016-09-30 | Safety protection method, device and terminal equipment

Publications (2)

Publication Number | Publication Date
CN106302531A (en) | 2017-01-04
CN106302531B (en) | 2021-04-27

Family

ID=57716944

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201610873954.2A, Expired - Fee Related, CN106302531B (en) | Safety protection method, device and terminal equipment | 2016-09-30 | 2016-09-30

Country Status (1)

Country | Link
CN (1) | CN106302531B (en)

Legal Events

Code | Title | Description
C06 | Publication |
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20210427

