CN104484608A - Application-based message processing method and application-based message processing device - Google Patents
Application-based message processing method and application-based message processing device Download PDFInfo
- Publication number
- CN104484608A CN104484608A CN201410784718.4A CN201410784718A CN104484608A CN 104484608 A CN104484608 A CN 104484608A CN 201410784718 A CN201410784718 A CN 201410784718A CN 104484608 A CN104484608 A CN 104484608A
- Authority
- CN
- China
- Prior art keywords
- application program
- message
- application
- type
- described message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the invention provides an application-based message processing method and an application-based message processing device. The method includes the following steps: messages which are transmitted between applications are detected, wherein the messages have types; whether the applications receiving the messages are characteristic applications is judged; when the applications receiving the messages are the characteristic applications, whether the types of the messages are characteristic types is judged; when the types of the messages are the characteristic types, corresponding security processing is carried out. The embodiment of the invention carries out security processing by calling the corresponding processing method, layer-by-layer filtration is not needed, message processing is simple, the development threshold of applications cannot be increased, and meanwhile, the protection of applications is realized.
Description
Technical field
The present invention relates to communication technique field, particularly relate to a kind of message treatment method of application program and a kind of message processing apparatus of application program.
Background technology
Windows is a message (Message) drive-type system, and windows messaging provides between application program and application program, carry out the means of communication between application program and Windows system.The function that application program will realize is triggered by message, and has come by the response of message and process.
Have two kinds of message queues in Windows system, one is system message queue, and another kind is application messages queue.
A lot of application program uses message to operate, and such as subprogram uses the message of " copydata " type in message to send code and performs, or performs specific operation according to particular message, and the click of control is also all depend on message.
If application program exists message leak, the camouflage of other malicious application sends message to it, then likely there will be the behavior outside expectation, bring potential safety hazard to the operation of application program.
Such as, certain system supervisor, function is for deleting arbitrary file, and itself is no problem, can obtain the certification of safety applications.If the master routine of safety applications is revised as in the path of file to be deleted by rogue program to its transmission settext message, then send command Message Simulation and click " pulverizing " button, so the master routine of safety applications just may be deleted.
If distrust that this type of is with the application program of message leak, filters all message, operating system can be caused slack-off, and need to use loaded down with trivial details message mechanism, improve programming threshold.
If but do not add protection, so use the leaky application program of the band of message-driven just may be utilized, security is low.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a kind of overcoming the problems referred to above or a kind of message treatment method based on application program solved the problem at least in part and a kind of message processing apparatus based on application program accordingly.
According to one aspect of the present invention, provide a kind of message treatment method based on application program, comprising:
Detect the message transmitted among applications, wherein said message has type;
Judge whether the application program receiving described message is characteristic application program;
When the application program receiving described message is characteristic application program, judge whether the type of described message is characteristic type; And
When the type of described message is characteristic type, carry out corresponding safe handling.
Alternatively, before the message that described detection is transmitted among applications, described method also comprises:
When application program launching being detected, extract the fisrt feature information of described application program;
Described fisrt feature information is sent to server;
Receive described server when judging described fisrt feature information and second feature information matches, the application tags returned and type of message label, wherein said second feature information is the characteristic information of characteristic application program; And
To application tags described in described application deployment.
Alternatively, whether the described application program judging to receive described message is that the step of characteristic application program comprises:
Judge whether the application program receiving described message has application tags; And
If so, then judge that the application program receiving described message is characteristic application program.
Alternatively, whether the described type judging described message is that the step of characteristic type comprises:
The type judging described message whether with described type of message tag match; And
If so, then judge that the type of described message is characteristic type.
Alternatively, the step of carrying out corresponding safe handling described in comprises:
Corresponding safe handling is carried out according to the application tags of the application program receiving described message.
Alternatively, the step that the described application tags of application program according to receiving described message carries out corresponding safe handling comprises:
When the application tags of the application program receiving described message is the first label, generate the safety instruction information of the application program for the application program and the described message of transmission receiving described message.
Alternatively, the step that the described application tags of application program according to receiving described message carries out corresponding safe handling comprises:
When the application tags of the application program receiving described message is the second label, remove the safety label of the application program receiving described message.
Alternatively, the step that the described application tags of application program according to receiving described message carries out corresponding safe handling comprises:
When the application tags of the application program receiving described message is the 3rd label, be sent to server by receiving the information of the application program of described message, the information sending the application program of described message and described message;
Receive that described server returns, for receive described message application program information, send the information of the application program of described message and the operation information of described message; And
Safe handling is carried out according to described operation information.
According to a further aspect in the invention, provide a kind of message processing apparatus based on application program, comprising:
Detection module, be suitable for detecting the message transmitted among applications, wherein said message has type;
First judge module, whether the application program being suitable for judging to receive described message is characteristic application program;
Second judge module, is suitable for, when the application program of the described message of reception is characteristic application program, judging whether the type of described message is characteristic type; And
Secure processing module, is suitable for when the type of described message is characteristic type, carries out corresponding safe handling.
Alternatively, described device also comprises:
Extraction module, is suitable for when application program launching being detected, extracts the fisrt feature information of described application program;
Sending module, is suitable for described fisrt feature information to be sent to server;
Receiver module, is suitable for receiving described server when judging described fisrt feature information and second feature information matches, the application tags returned and type of message label; Described second feature information is the characteristic information of characteristic application program; And
Configuration module, is suitable for application tags described in described application deployment.
Alternatively, described first judge module is also suitable for:
Judge whether the application program receiving described message has application tags; And
If so, then judge that the application program receiving described message is characteristic application program.
Alternatively, described second judge module is also suitable for:
The type judging described message whether with described type of message tag match; And
If so, then judge that the type of described message is characteristic type.
Alternatively, described secure processing module is also suitable for:
Corresponding safe handling is carried out according to the application tags of the application program receiving described message.
Alternatively, described secure processing module is also suitable for:
When the application tags of the application program receiving described message is the first label, generate the safety instruction information of the application program for the application program and the described message of transmission receiving described message.
Alternatively, described secure processing module is also suitable for:
When the application tags of the application program receiving described message is the second label, remove the safety label of the application program receiving described message.
Alternatively, described secure processing module is also suitable for:
When the application tags of the application program receiving described message is the 3rd label, be sent to server by receiving the information of the application program of described message, the information sending the application program of described message and described message;
Receive that described server returns, for receive described message application program information, send the information of the application program of described message and the operation information of described message; And
Safe handling is carried out according to described operation information.
The embodiment of the present invention detects the message transmitted among applications, be characteristic application program in the application program of receipt message, when the type of this message is characteristic type, can represent that this application program may exist message leak, current message may utilize this message leak, need to carry out corresponding safe handling, safe handling is carried out by calling corresponding disposal route, do not need to filter layer by layer, processing messages is simple, Develop Application System threshold can't be improved, achieve the protection of application programs simultaneously.
The embodiment of the present invention is when application program launching being detected; extract the fisrt feature information of described application program; the application tags that reception server returns when judging described fisrt feature information and second feature information matches and type of message label; application programs configuring application program label; effectively ensure that application program security operationally; for application program provides comprehensive safeguard protection, start with making application security, run.
The embodiment of the present invention is by dividing danger classes; the safe handling of the generation safety instruction information that invokes application label is corresponding, different levels such as removal safety label, server detection etc.; further ensure the quick and easy of safe handling, accurately, comprehensively protect for application program provides.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of instructions, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 is a kind of according to an embodiment of the invention steps flow chart schematic diagram of the message treatment method embodiment 1 based on application program;
Fig. 2 is a kind of according to an embodiment of the invention steps flow chart schematic diagram of the message treatment method embodiment 2 based on application program; And
Fig. 3 is a kind of according to an embodiment of the invention block schematic diagram of the message processing apparatus embodiment based on application program.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
With reference to Fig. 1, show a kind of according to an embodiment of the invention flow chart of steps of the message treatment method embodiment 1 based on application program, specifically can comprise the steps:
Step 101, detect the message transmitted among applications, wherein said message has type;
Step 102, judges whether the application program receiving described message is characteristic application program;
Step 103, when the application program of described message is characteristic application program, judges whether the type of described message is characteristic type; And
Step 104, when the type of described message is characteristic type, carries out corresponding safe handling.
The embodiment of the present invention detects the message transmitted among applications, be characteristic application program in the application program of receipt message, when the type of this message is characteristic type, can represent that this application program may exist message leak, current message may utilize this message leak, need to carry out corresponding safe handling, safe handling is carried out by calling corresponding disposal route, do not need to filter layer by layer, processing messages is simple, Develop Application System threshold can't be improved, achieve the protection of application programs simultaneously.
With reference to Fig. 2, show a kind of according to an embodiment of the invention flow chart of steps of the message treatment method embodiment 2 based on application program, specifically can comprise the steps:
Step 201, when application program launching being detected, extracts the fisrt feature information of described application program;
In the embodiment of the present invention, the application program of current startup can be undertaken triggering by the operation of user, and such as, user triggers the startup of application program by double mouse click shortcut; Also can be triggered by other application programs or service, such as, when download tool download file completes, security tool can be called security sweep is carried out to this file; Can also trigger startup by other means, the embodiment of the present invention is not limited this.
In specific implementation, can, by the system function of specifying in callback operation system, as PsSetCreateProcessNotifyRoutine etc., allow operating system notify this system function, with know application program process initiation, the information such as to exit.
Certainly, can also link up with opportunity and information that the system functions such as (Hook) CreateProcess get the process initiation of application program in the embodiment of the present invention, the embodiment of the present invention is not limited this.
Client, at detection application program launching, can extract its fisrt feature information, and whether this fisrt feature information is the application program needing protection for detecting this application program.
Wherein, fisrt feature information, can for characterizing the information of the feature of the application program of current startup, specifically can comprise process name, parent process name, process file summary info (Message-DigestAlgorithm 5, MD5), process file version information, fuzzy hash (cryptographic hash) etc.
Step 202, is sent to server by described fisrt feature information;
The application embodiment of the present invention, can analyze different application programs in advance, when analyzing this application program and may there is message leak, judge that it is characteristic application program, namely may there is the application program of message leak; Extract its second feature information, be stored in the database of server, use for subsequent detection.
It should be noted that, message leak can refer to illegally to be utilized the defect that Effect-based operation causes by other application programs such as rogue programs, causes potential safety hazard to current application program, system, user data etc.
In a lot of sight, application program itself is safe, and it is also safe for not necessarily representing its behavior, and it may exist unsafe behavior that Effect-based operation leak causes, and as interconnection network, unlatching are made a video recording first-class, these behaviors may be utilized by other rogue programs.
Such as, certain means of payment is safe, and it has bank transfer function, fishing program can send normal message to these means of payment, this Message Processing related service trusted by these means of payment, by transfer of financial resources in the account of unauthorized person, causes user's loss.
In the embodiment of the present invention, fisrt feature information can be sent to server by client, and whether detect current application program by server is the application program needing protection.
Step 203, receives described server when judging described fisrt feature information and second feature information matches, the application tags returned and type of message label; Described second feature information is the characteristic information of characteristic application program;
The fisrt feature information that server receives client sends, then can mate with the second feature information gathered in advance, this second feature information can be the information of the feature of characteristic feature application program, specifically can comprise process name, parent process name, process file summary info (Message-Digest Algorithm5, MD5), process file version information, fuzzy hash (cryptographic hash) etc.
When fisrt feature information and second feature information matches; can think that the application program of current startup is characteristic application program; namely the application program of message leak may be there is; this application program operationally; may be utilized by the message (i.e. the type of message of specified type) with risk by other application programs; there is harm to the performance of equipment and individual privacy, need to protect it.
Such as, the message of command Copydata type can indicate application copy data, may be utilized steal the significant data such as account, password by rogue program.
Again such as, the message of settext type can indicate application program to arrange text message, may be utilized delete local security tool by rogue program.
In embodiments of the present invention, can according to the hazard level of message leak, one or more harmful grade is divided to the application program may with message leak, such as, the application program with the message leak of other application programs of complete deletion belongs to the first estate, the application program with the message leak of other application programs of amendment belongs to the second grade, and the application program with the message leak of other application programs of temporary close belongs to the tertiary gradient.
Each harmful grade can configure corresponding application tags, and to needing the type of message configuration messages type label of specifying of monitoring.
Server matches confirms that the application program of current startup is characteristic application program, then can return application tags and the type of message label of the application matches of current startup to client.
Such as, server can return msg1:1 to client, and 2,3, msg2:4,5,6, msg3:7,8,9; Wherein, msg1, msg2, msg3 can be application tags, colon below can be type of message label with CSV.
Msg1 mark comprises 1,2,3 in this example, then can represent 1,2, the message of 3 these three types is monitored.
Step 204, to application tags described in described application deployment;
In embodiments of the present invention, client receives the application tags that server returns, then can to this application tags of this application deployment, to realize its monitoring, protection.
The embodiment of the present invention is when application program launching being detected; extract the fisrt feature information of described application program; the application tags that reception server returns when judging described fisrt feature information and second feature information matches and type of message label; application programs configuring application program label; effectively ensure that application program security operationally; for application program provides comprehensive safeguard protection, start with making application security, run.
Step 205, detect the message transmitted among applications, wherein said message has type;
Message, can be defined by the structure of a MSG by name, comprises window handle (HWND), message id (UINT), parameter (WPARAM, LPARAM) etc.
The example of message can be as follows:
struct MSG
{
HWND hwnd;
UINT message;
WPARAM wParam;
LPARAM lParam;
DWORD time;
POINT pt;
};
In actual applications, message itself passes to application program as a record, contains type and other information of message in this record.
Message id is the type identifier of message, is defined by system or application program, and message id is that message has divided type, and the type in above-mentioned message examples is message.
Message can be sent by Windows system, also can be sent by application program itself.
Further, the transmission of message can call realization by Message function, relatively more conventional has PostMessage (), SendMessage (), also has the function of some Post* or Send* in addition, and the caller of Message function can for sending the application program of message.
In embodiments of the present invention, (Hook) Message function can be linked up with at kernel, such as, postmessage, sendmessage etc., different function process is distributed to, to tackle the message transmitted among applications according to system service calling ID.
Step 206, judges whether the application program receiving described message has application tags; If so, then step 207 is performed;
Step 207, judges that the application program receiving described message is characteristic application program.
If the application program of receipt message has application tags, then can represent that the application program of receipt message may have message leak.
Step 208, the type judging described message whether with described type of message tag match; If so, then step 209 is performed;
Step 209, judges that the type of described message is characteristic type.
If the type of message and type of message tag match, then can think that this message may utilize the message leak of the application program of receipt message, may hazardous act be carried out, need to carry out safe handling.
Step 210, carries out corresponding safe handling according to the application tags of the application program receiving described message.
The application embodiment of the present invention can be safe handling mode corresponding to the application deployment of each harmful grade in advance.When detecting the application tags corresponding with harmful grade, safe handling can be carried out according to the safe handling mode preset.
In a kind of embodiment of the present invention, step 210 can comprise following sub-step:
Sub-step S11, when the application tags of the application program receiving described message is the first label, generates the safety instruction information of the application program for the application program and the described message of transmission receiving described message.
In embodiments of the present invention, the harmful grade that the first label identifies is lower, correspondingly, can point out user, and other application programs may utilize the message leak of current application program.
Such as, can point out " certain software want revise allocation of computer, allow? "
In a kind of embodiment of the present invention, step 210 can comprise following sub-step:
Sub-step S21, when the application tags of the application program receiving described message is the second label, removes the safety label of the application program receiving described message.
In embodiments of the present invention, security sweep can be carried out by the application programs such as fire wall, security tool, when this application program is by security sweep, can is its configuration safety label, represents the safety of this application program own.
Usually, when application program has safety label, fire wall, security tool etc. think that it is credible, less to frequency, the dynamics of its monitoring, to reduce the resource occupation of terminal.
The harmful grade that second label identifies is higher, correspondingly, can remove the safety label of current application program, to strengthen its monitoring.
In a kind of embodiment of the present invention, step 210 can comprise following sub-step:
Sub-step S31, when the application tags of the application program receiving described message is the 3rd label, is sent to server by receiving the information of the application program of described message, the information sending the application program of described message and described message;
Sub-step S32, receives that described server returns, for receive described message application program information, send the information of the application program of described message and the operation information of described message;
Sub-step S33, carries out safe handling according to described operation information.
In embodiments of the present invention, the danger classes that 3rd label identifies is for unknown, this locality does not formerly arrange corresponding safe handling mode, the information of the application program of receipt message, the information of application program sending message and the content of message is needed to be sent to server, by server based on large data analysis, analyze the result of most of behavior, return operation information according to analysis result.
Such as, when server analysis obtains the account number cipher that current message may read user, have higher danger, then can return block (freezing, lock the example of behavior), client blocks this message according to this block.
Certainly, above-mentioned safe handling just exemplarily, when implementing the embodiment of the present invention, can arrange other safe handlings according to actual conditions, and such as, draw the application program of black transmission message, start virus scan etc., the embodiment of the present invention is not limited this.In addition, except above-mentioned safe handling, those skilled in the art can also adopt other safe handling according to actual needs, and the embodiment of the present invention is not also limited this.
The embodiment of the present invention is by dividing danger classes; the safe handling of the generation safety instruction information that invokes application label is corresponding, different levels such as removal safety label, server detection etc.; further ensure the quick and easy of safe handling, accurately, comprehensively protect for application program provides.
For embodiment of the method, in order to simple description, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the embodiment of the present invention is not by the restriction of described sequence of movement, because according to the embodiment of the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in instructions all belongs to preferred embodiment, and involved action might not be that the embodiment of the present invention is necessary.
With reference to Fig. 3, show a kind of according to an embodiment of the invention calcspar of the message processing apparatus embodiment based on application program, specifically can comprise as lower module:
Detection module 301, be suitable for detecting the message transmitted among applications, wherein said message has type;
First judge module 302, whether the application program being suitable for judging to receive described message is characteristic application program;
Second judge module 303, is suitable for when the application program of described message is characteristic application program, judges whether the type of described message is characteristic type; And
Secure processing module 304, is suitable for when the type of described message is characteristic type, carries out corresponding safe handling.
In a kind of embodiment of the present invention, can also comprise as lower module:
Extraction module, is suitable for when application program launching being detected, extracts the fisrt feature information of described application program;
Sending module, is suitable for described fisrt feature information to be sent to server;
Receiver module, is suitable for receiving described server when judging described fisrt feature information and second feature information matches, the application tags returned and type of message label; Described second feature information is the characteristic information of characteristic application program; And
Configuration module, is suitable for application tags described in described application deployment.
In a kind of embodiment of the present invention, described first judge module 302 can also be suitable for:
Judge whether the application program receiving described message has application tags; If so, then judge that the application program receiving described message is characteristic application program.
In a kind of embodiment of the present invention, described second judge module 303 can also be suitable for:
The type judging described message whether with described type of message tag match; If so, then judge that the type of described message is characteristic type.
In a kind of embodiment of the present invention, described secure processing module 304 can also be suitable for:
Corresponding safe handling is carried out according to the application tags of the application program receiving described message.
In a kind of embodiment of the present invention, described secure processing module 304 can also be suitable for:
When the application tags of the application program receiving described message is the first label, generate the safety instruction information of the application program for the application program and the described message of transmission receiving described message.
In a kind of embodiment of the present invention, described secure processing module 304 can also be suitable for:
When the application tags of the application program receiving described message is the second label, remove the safety label of the application program receiving described message.
In a kind of embodiment of the present invention, described secure processing module 304 can also be suitable for:
When the application tags of the application program receiving described message is the 3rd label, be sent to server by receiving the information of the application program of described message, the information sending the application program of described message and described message;
Receive that described server returns, for receive described message application program information, send the information of the application program of described message and the operation information of described message;
Safe handling is carried out according to described operation information.
For device embodiment, due to itself and embodiment of the method basic simlarity, so description is fairly simple, relevant part illustrates see the part of embodiment of the method.
Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In instructions provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be implemented when not having part or all of these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary array mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions based on the some or all parts in the message processing device of application program that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " or " comprising " is not got rid of existence and do not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.
The embodiment of the invention discloses A1, a kind of message treatment method based on application program, comprising:
Detect the message transmitted among applications, wherein said message has type;
Judge whether the application program receiving described message is characteristic application program;
When the application program receiving described message is characteristic application program, judge whether the type of described message is characteristic type; And
When the type of described message is characteristic type, carry out corresponding safe handling.
A2, method as described in A1, before the message that described detection is transmitted among applications, described method also comprises:
When application program launching being detected, extract the fisrt feature information of described application program;
Described fisrt feature information is sent to server;
Receive described server when judging described fisrt feature information and second feature information matches, the application tags returned and type of message label, wherein said second feature information is the characteristic information of characteristic application program; And
To application tags described in described application deployment.
A3, method as described in A1 or A2, whether the application program that described judgement receives described message is that the step of characteristic application program comprises:
Judge whether the application program receiving described message has application tags; And
If so, then judge that the application program receiving described message is characteristic application program.
A4, method as described in A1 or A2, whether the described type judging described message is that the step of characteristic type comprises:
The type judging described message whether with described type of message tag match; And
If so, then judge that the type of described message is characteristic type.
A5, method as described in A1 or A2, described in carry out corresponding safe handling step comprise:
Corresponding safe handling is carried out according to the application tags of the application program receiving described message.
A6, method as described in A5, the step that the application tags of the described application program according to receiving described message carries out corresponding safe handling comprises:
When the application tags of the application program receiving described message is the first label, generate the safety instruction information of the application program for the application program and the described message of transmission receiving described message.
A7, method as described in A5, the step that the application tags of the described application program according to receiving described message carries out corresponding safe handling comprises:
When the application tags of the application program receiving described message is the second label, remove the safety label of the application program receiving described message.
A8, method as described in A5, the step that the application tags of the described application program according to receiving described message carries out corresponding safe handling comprises:
When the application tags of the application program receiving described message is the 3rd label, be sent to server by receiving the information of the application program of described message, the information sending the application program of described message and described message;
Receive that described server returns, for receive described message application program information, send the information of the application program of described message and the operation information of described message; And
Safe handling is carried out according to described operation information.
The embodiment of the invention also discloses B9, a kind of message processing apparatus based on application program, comprising:
Detection module, be suitable for detecting the message transmitted among applications, wherein said message has type;
First judge module, whether the application program being suitable for judging to receive described message is characteristic application program;
Second judge module, is suitable for, when the application program of the described message of reception is characteristic application program, judging whether the type of described message is characteristic type; And
Secure processing module, is suitable for when the type of described message is characteristic type, carries out corresponding safe handling.
B10, device as described in B9, also comprise:
Extraction module, is suitable for when application program launching being detected, extracts the fisrt feature information of described application program;
Sending module, is suitable for described fisrt feature information to be sent to server;
Receiver module, is suitable for receiving described server when judging described fisrt feature information and second feature information matches, the application tags returned and type of message label; Described second feature information is the characteristic information of characteristic application program; And
Configuration module, is suitable for application tags described in described application deployment.
B11, device as described in B9 or B10, described first judge module is also suitable for:
Judge whether the application program receiving described message has application tags; And
If so, then judge that the application program receiving described message is characteristic application program.
B12, device as described in B9 or B10, described second judge module is also suitable for:
The type judging described message whether with described type of message tag match; And
If so, then judge that the type of described message is characteristic type.
B13, device as described in B9 or B10, described secure processing module is also suitable for:
Corresponding safe handling is carried out according to the application tags of the application program receiving described message.
B14, device as described in B13, described secure processing module is also suitable for:
When the application tags of the application program receiving described message is the first label, generate the safety instruction information of the application program for the application program and the described message of transmission receiving described message.
B15, device as described in B13, described secure processing module is also suitable for:
When the application tags of the application program receiving described message is the second label, remove the safety label of the application program receiving described message.
B16, device as described in B13, described secure processing module is also suitable for:
When the application tags of the application program receiving described message is the 3rd label, be sent to server by receiving the information of the application program of described message, the information sending the application program of described message and described message;
Receive that described server returns, for receive described message application program information, send the information of the application program of described message and the operation information of described message; And
Safe handling is carried out according to described operation information.
Claims (10)
1., based on a message treatment method for application program, comprising:
Detect the message transmitted among applications, wherein said message has type;
Judge whether the application program receiving described message is characteristic application program;
When the application program receiving described message is characteristic application program, judge whether the type of described message is characteristic type; And
When the type of described message is characteristic type, carry out corresponding safe handling.
2. the method for claim 1, is characterized in that, before the message that described detection is transmitted among applications, described method also comprises:
When application program launching being detected, extract the fisrt feature information of described application program;
Described fisrt feature information is sent to server;
Receive described server when judging described fisrt feature information and second feature information matches, the application tags returned and type of message label, wherein said second feature information is the characteristic information of characteristic application program; And
To application tags described in described application deployment.
3. method as claimed in claim 1 or 2, is characterized in that, whether the described application program judging to receive described message is that the step of characteristic application program comprises:
Judge whether the application program receiving described message has application tags; And
If so, then judge that the application program receiving described message is characteristic application program.
4. method as claimed in claim 1 or 2, is characterized in that, whether the described type judging described message is that the step of characteristic type comprises:
The type judging described message whether with described type of message tag match; And
If so, then judge that the type of described message is characteristic type.
5. method as claimed in claim 1 or 2, is characterized in that, described in carry out corresponding safe handling step comprise:
Corresponding safe handling is carried out according to the application tags of the application program receiving described message.
6. method as claimed in claim 5, is characterized in that, the step that the application tags of the described application program according to receiving described message carries out corresponding safe handling comprises:
When the application tags of the application program receiving described message is the first label, generate the safety instruction information of the application program for the application program and the described message of transmission receiving described message.
7. method as claimed in claim 5, is characterized in that, the step that the application tags of the described application program according to receiving described message carries out corresponding safe handling comprises:
When the application tags of the application program receiving described message is the second label, remove the safety label of the application program receiving described message.
8. method as claimed in claim 5, is characterized in that, the step that the application tags of the described application program according to receiving described message carries out corresponding safe handling comprises:
When the application tags of the application program receiving described message is the 3rd label, be sent to server by receiving the information of the application program of described message, the information sending the application program of described message and described message;
Receive that described server returns, for receive described message application program information, send the information of the application program of described message and the operation information of described message; And
Safe handling is carried out according to described operation information.
9., based on a message processing apparatus for application program, comprising:
Detection module, be suitable for detecting the message transmitted among applications, wherein said message has type;
First judge module, whether the application program being suitable for judging to receive described message is characteristic application program;
Second judge module, is suitable for, when the application program of the described message of reception is characteristic application program, judging whether the type of described message is characteristic type; And
Secure processing module, is suitable for when the type of described message is characteristic type, carries out corresponding safe handling.
10. device as claimed in claim 9, is characterized in that, also comprise:
Extraction module, is suitable for when application program launching being detected, extracts the fisrt feature information of described application program;
Sending module, is suitable for described fisrt feature information to be sent to server;
Receiver module, is suitable for receiving described server when judging described fisrt feature information and second feature information matches, the application tags returned and type of message label; Described second feature information is the characteristic information of characteristic application program; And
Configuration module, is suitable for application tags described in described application deployment.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410784718.4A CN104484608A (en) | 2014-12-16 | 2014-12-16 | Application-based message processing method and application-based message processing device |
| PCT/CN2015/095452 WO2016095671A1 (en) | 2014-12-16 | 2015-11-24 | Method and device for processing application-based message |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410784718.4A CN104484608A (en) | 2014-12-16 | 2014-12-16 | Application-based message processing method and application-based message processing device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104484608A true CN104484608A (en) | 2015-04-01 |
Family
ID=52759149
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410784718.4A Pending CN104484608A (en) | 2014-12-16 | 2014-12-16 | Application-based message processing method and application-based message processing device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN104484608A (en) |
| WO (1) | WO2016095671A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016095671A1 (en) * | 2014-12-16 | 2016-06-23 | 北京奇虎科技有限公司 | Method and device for processing application-based message |
| CN109471804A (en) * | 2018-11-14 | 2019-03-15 | 苏州科达科技股份有限公司 | Application detection method, device and storage medium in iOS |
| CN109788353A (en) * | 2018-12-05 | 2019-05-21 | 安徽站乾科技有限公司 | A kind of set-top box encryption copy prevention method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1877594A (en) * | 2006-06-23 | 2006-12-13 | 北京飞天诚信科技有限公司 | Electronic file automatic protection method and system |
| CN101414341A (en) * | 2007-10-15 | 2009-04-22 | 北京瑞星国际软件有限公司 | Software self-protection method |
| US20120137349A1 (en) * | 2001-05-31 | 2012-05-31 | Laurence Lundblade | Safe application distribution and execution in a wireless environment |
| CN102521548A (en) * | 2011-11-24 | 2012-06-27 | 中兴通讯股份有限公司 | Method for managing using rights of function and mobile terminal |
| CN104036194A (en) * | 2014-05-16 | 2014-09-10 | 北京金山安全软件有限公司 | Vulnerability detection method and device for revealing private data in application program |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7694022B2 (en) * | 2004-02-24 | 2010-04-06 | Microsoft Corporation | Method and system for filtering communications to prevent exploitation of a software vulnerability |
| US7574601B2 (en) * | 2004-08-24 | 2009-08-11 | Microsoft Corporation | Securely inspecting electronic messages |
| CN102752730B (en) * | 2012-07-19 | 2014-04-16 | 腾讯科技(深圳)有限公司 | Method and device for message handling |
| CN103198255B (en) * | 2013-04-03 | 2015-06-24 | 武汉大学 | Method and system for monitoring and intercepting sensitive behaviour of Android software |
| CN104484608A (en) * | 2014-12-16 | 2015-04-01 | 北京奇虎科技有限公司 | Application-based message processing method and application-based message processing device |
-
2014
- 2014-12-16 CN CN201410784718.4A patent/CN104484608A/en active Pending
-
2015
- 2015-11-24 WO PCT/CN2015/095452 patent/WO2016095671A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120137349A1 (en) * | 2001-05-31 | 2012-05-31 | Laurence Lundblade | Safe application distribution and execution in a wireless environment |
| CN1877594A (en) * | 2006-06-23 | 2006-12-13 | 北京飞天诚信科技有限公司 | Electronic file automatic protection method and system |
| CN101414341A (en) * | 2007-10-15 | 2009-04-22 | 北京瑞星国际软件有限公司 | Software self-protection method |
| CN102521548A (en) * | 2011-11-24 | 2012-06-27 | 中兴通讯股份有限公司 | Method for managing using rights of function and mobile terminal |
| CN104036194A (en) * | 2014-05-16 | 2014-09-10 | 北京金山安全软件有限公司 | Vulnerability detection method and device for revealing private data in application program |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016095671A1 (en) * | 2014-12-16 | 2016-06-23 | 北京奇虎科技有限公司 | Method and device for processing application-based message |
| CN109471804A (en) * | 2018-11-14 | 2019-03-15 | 苏州科达科技股份有限公司 | Application detection method, device and storage medium in iOS |
| CN109788353A (en) * | 2018-12-05 | 2019-05-21 | 安徽站乾科技有限公司 | A kind of set-top box encryption copy prevention method |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016095671A1 (en) | 2016-06-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10762206B2 (en) | Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security | |
| US10311235B2 (en) | Systems and methods for malware evasion management | |
| EP3036645B1 (en) | Method and system for dynamic and comprehensive vulnerability management | |
| US20210021644A1 (en) | Advanced cybersecurity threat mitigation using software supply chain analysis | |
| CN104484599A (en) | Behavior processing method and device based on application program | |
| US20130167236A1 (en) | Method and system for automatically generating virus descriptions | |
| Vaidya et al. | Security issues in language-based software ecosystems | |
| US20170353481A1 (en) | Malware detection by exploiting malware re-composition variations using feature evolutions and confusions | |
| WO2021034740A1 (en) | Method, system, and storage medium for security of software components | |
| CN109155774A (en) | System and method for detecting security threat | |
| US11811811B1 (en) | File scanner to detect malicious electronic files | |
| CN104517054A (en) | Method, device, client and server for detecting malicious APK | |
| CN103559447B (en) | A kind of detection method, checkout gear and detection system based on Virus Sample feature | |
| AU2015210929A1 (en) | Tagging security-relevant system objects | |
| Hamed et al. | Mobile malware detection: A survey | |
| Kim et al. | Attack detection application with attack tree for mobile system using log analysis | |
| CN105528543A (en) | Remote antivirus method, client, console and system | |
| US12010150B2 (en) | Multi-perspective security context per actor | |
| WO2021014208A2 (en) | Detection and prevention of malicious script attacks using behavioral analysis of run-time script execution events | |
| CN104484608A (en) | Application-based message processing method and application-based message processing device | |
| US11874932B2 (en) | Managing application security vulnerabilities | |
| Heartfield et al. | Protection against semantic social engineering attacks | |
| US20230367911A1 (en) | Analyzing scripts to create and enforce security policies in dynamic development pipelines | |
| CN109740351A (en) | A kind of leak detection method, device and the equipment of embedded firmware | |
| CN113518055B (en) | Data security protection processing method and device, storage medium and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150401 |
|
| RJ01 | Rejection of invention patent application after publication |