CN103824015A - Application program control method, device and system - Google Patents
Application program control method, device and system Download PDFInfo
- Publication number
- CN103824015A CN103824015A CN201410067493.0A CN201410067493A CN103824015A CN 103824015 A CN103824015 A CN 103824015A CN 201410067493 A CN201410067493 A CN 201410067493A CN 103824015 A CN103824015 A CN 103824015A
- Authority
- CN
- China
- Prior art keywords
- behavior
- program
- plug
- application program
- triggering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses an application program control method, device and system, wherein the application program control method comprises the following steps that the application program is run, weather the application program is a tag-on service or not is judged, if the application program is judged to be the tag-on service, behavior of the application program during run time is monitored, when the behavior of the application program during the run time triggers a defense point, the relationship between the behavior of the triggering defense point and the tag-on service is acquired, and the behavior of the triggering defense point is controlled according to the relationship between the behavior of the triggering defense point and the tag-on service. By means of the application program control method, when the application program is judged to be the tag-on service, the normal use of a user can be guaranteed and malicious activities in the tag-on service can also be intercepted, so that the safety of a terminal system can be guaranteed, besides, the behavior of the tag-on service can be set as default or release, the harassment to the user caused by the frequent triggering defense point of the tag-on service can be avoided, and user experience is improved.
Description
Technical field
The present invention relates to field of computer technology, particularly a kind of control method of application program, device and system.
Background technology
Flourish along with various game, game plug-in program also day by day rises.Because plug-in program is by the method for similar Virus, game data to be modified, therefore, antivirus software can be mistaken for Virus by plug-in program, and causes a large amount of game users cannot normally use plug-in program.At present, most of antivirus softwares can be tackled as rogue program plug-in program, and point out user to select the processing operation to plug-in program.
But realizing in process of the present invention, inventor finds that prior art at least exists following problem, user non-technical personnel, be difficult to judge whether plug-in program is rogue program.If user selects to tackle some the necessary operations in plug-in program, can cause plug-in program to move; Propagate and plug-in program is easy to be used to bind rogue program, if user lets pass to this class plug-in program, can to user's terminal use of seat belts endanger.In addition, plug-in program frequently triggers defence stand user is caused to harassing and wrecking, reduces user and experiences.
Summary of the invention
The present invention is intended to solve the problems of the technologies described above at least to a certain extent.
For this reason, the object of a first aspect of the present invention is to propose a kind of control method of application program, can be in the time that application program be plug-in program, when guaranteeing the normal use of user, the malicious act in plug-in program is tackled, avoided plug-in program frequently to trigger defence stand user is caused to harassing and wrecking.
The object of a second aspect of the present invention is to propose a kind of control device of application program.
The object of third aspect present invention is to propose a kind of control system of application program.
The object of fourth aspect present invention is to propose a kind of client terminal device.
For reaching above-mentioned purpose, the control method that has proposed a kind of application program according to first aspect present invention embodiment, comprising: run application, and inquire about plug-in program storehouse to judge that whether described application program is as plug-in program; If judge that described application program is plug-in program, monitors the behavior of described application program in operational process; In the time that the behavior of described application program in operational process triggers defence stand, obtain the relation between behavior and the described plug-in program that triggers described defence stand; And according to the relation between the behavior of the described defence stand of described triggering and described plug-in program, the behavior of the described defence stand of described triggering is controlled.
The control method of the application program of the embodiment of the present invention, can the behavior in monitoring application program operational process in the time judging that application program is plug-in application program, in the time having behavior to trigger defence stand, according to the relation between the behavior and plug-in program, the behavior is controlled, for example, necessity relation is let pass to the behavior if, and non-essential relation is tackled the behavior if.Thereby, guarantee when user normally uses plug-in program the malicious act in plug-in program to tackle, guarantee the security of system of terminal.In addition, can the behavior of plug-in program be given tacit consent to interception or be let pass, avoid plug-in program frequently to trigger defence stand user is caused to harassing and wrecking, promote user and experience.
The embodiment of a second aspect of the present invention provides a kind of control device of application program, comprising: program operation module, for running application; Judge module, for inquiring about plug-in program storehouse to judge that whether described application program is as plug-in program; Monitoring module, in the time that described judge module judges that described application program is plug-in program, monitors the behavior of described application program in operational process; Acquisition module, for when described application program is in the time that the behavior of operational process triggers defence stand, obtains the relation between behavior and the described plug-in program that triggers described defence stand; And control module, for the behavior of the described defence stand of described triggering being controlled according to the relation between the behavior of the described defence stand of described triggering and described plug-in program.
The control device of the application program of the embodiment of the present invention, can the behavior in monitoring application program operational process in the time judging that application program is plug-in application program, in the time having behavior to trigger defence stand, according to the relation between the behavior and plug-in program, the behavior is controlled, for example, necessity relation is let pass to the behavior if, and non-essential relation is tackled the behavior if.Thereby, guarantee when user normally uses plug-in program the malicious act in plug-in program to tackle, guarantee the security of system of terminal.In addition, can the behavior of plug-in program be given tacit consent to interception or be let pass, avoid plug-in program frequently to trigger defence stand user is caused to harassing and wrecking, promote user and experience.
The embodiment of third aspect present invention provides a kind of control system of application program, comprising: the application program controlling device of the embodiment of second aspect present invention; And server, wherein, described server comprises plug-in program storehouse.
The control system of the application program of the embodiment of the present invention, can judge whether application program is plug-in program by the plug-in program storehouse in querying server, and the behavior in monitoring application program operational process in the time judging that application program is plug-in application program, in the time having behavior to trigger defence stand, according to the relation between the behavior and plug-in program, the behavior is controlled, for example, necessity relation is let pass to the behavior if, and non-essential relation is tackled the behavior if.Thereby, guarantee when user normally uses plug-in program the malicious act in plug-in program to tackle, guarantee the security of system of terminal.In addition, can the behavior of plug-in program be given tacit consent to interception or be let pass, avoid plug-in program frequently to trigger defence stand user is caused to harassing and wrecking, promote user and experience.
The embodiment of fourth aspect present invention provides a kind of client terminal device, comprising: shell, display, circuit board and processor, wherein, circuit board is placed in the interior volume that shell surrounds, and display is in housing exterior, and be connected with circuit board, processor is arranged on circuit board; Processor is for the treatment of data, and specifically for carrying out following steps: run application, and inquire about plug-in program storehouse to judge that whether described application program is as plug-in program; If judge that described application program is plug-in program, monitors the behavior of described application program in operational process; In the time that the behavior of described application program in operational process triggers defence stand, obtain the relation between behavior and the described plug-in program that triggers described defence stand; And according to the relation between the behavior of the described defence stand of described triggering and described plug-in program, the behavior of the described defence stand of described triggering is controlled.
The client terminal device of the embodiment of the present invention, can the behavior in monitoring application program operational process in the time judging that application program is plug-in application program, in the time having behavior to trigger defence stand, according to the relation between the behavior and plug-in program, the behavior is controlled, for example, necessity relation is let pass to the behavior if, and non-essential relation is tackled the behavior if.Thereby, guarantee when user normally uses plug-in program the malicious act in plug-in program to tackle, guarantee the security of system of terminal.In addition, can the behavior of plug-in program be given tacit consent to interception or be let pass, avoid plug-in program frequently to trigger defence stand user is caused to harassing and wrecking, promote user and experience.
Additional aspect of the present invention and advantage in the following description part provide, and part will become obviously from the following description, or recognize by practice of the present invention.
Accompanying drawing explanation
Above-mentioned and/or additional aspect of the present invention and advantage accompanying drawing below combination is understood becoming the description of embodiment obviously and easily, wherein:
Fig. 1 is the process flow diagram of the control method of application program according to an embodiment of the invention.
Fig. 2 is the process flow diagram of the control method of application program in accordance with another embodiment of the present invention.
Fig. 3 is the structural representation of the control device of application program according to an embodiment of the invention.
Fig. 4 is the structural representation of the control device of application program in accordance with another embodiment of the present invention.
Fig. 5 is the structural representation of the control system of application program according to an embodiment of the invention.
Embodiment
Describe embodiments of the invention below in detail, the example of described embodiment is shown in the drawings, and wherein same or similar label represents same or similar element or has the element of identical or similar functions from start to finish.Be exemplary below by the embodiment being described with reference to the drawings, only for explaining the present invention, and can not be interpreted as limitation of the present invention.
In description of the invention, it will be appreciated that, term " " center ", " longitudinally ", " laterally ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of indications such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, rather than device or the element of indication or hint indication must have specific orientation, with specific orientation structure and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " be only for describing object, and can not be interpreted as indication or hint relative importance.
In description of the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and for example, can be to be fixedly connected with, and can be also to removably connect, or connect integratedly; Can be mechanical connection, can be also electrical connection; Can be to be directly connected, also can indirectly be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, can concrete condition understand above-mentioned term concrete meaning in the present invention.
Describe according to the control method of the application program of the embodiment of the present invention, device and system below with reference to accompanying drawing.
In order to guarantee in malicious act implanted in effectively tackling plug-in program that the necessary behavior in plug-in program operates and can normally carry out, embodiments of the invention propose a kind of control method of application program.
Fig. 1 is the process flow diagram of the control method of application program according to an embodiment of the invention.As shown in Figure 1, according to the control method of the application program of the embodiment of the present invention, comprising:
S101, runs application, and inquires about plug-in program storehouse to judge that whether application program is as plug-in program.
In one embodiment of the invention, in the time running application, in the time of the process initiation at this application program place, this process is hung up, then inquire about and in plug-in program database, whether have this application program, if there is this application program, judge that this application program is plug-in program, if there is no this application program, judge that this application program is not plug-in program, and whether be that plug-in program carries out again calling this process to continue this application program of operation after mark to this application program according to this application program.
In an embodiment of the present invention, plug-in program database is the database of the numerous plug-in programs composition that identifies in the program from cloud server or network.Particularly, cloud server can be searched doubtful plug-in program by keyword search from the existing program sample of cloud server, or by spiders, webpage is searched for or doubtful plug-in program is monitored to obtain in known plug-in website.Then, obtain respectively the operating environment information of these doubtful plug-in programs, for example, for game plug-in program, obtain corresponding game environment and game operation, and then move these doubtful plug-in programs according to operating environment information simulation, and obtain the key word in pop-up window in behavior sequence in operational process and operational process, if behavior sequence is plug-in behavior pattern and/or key word and plug-in keyword match, this doubtful plug-in program can be defined as to plug-in program.
Wherein, plug-in behavior pattern is to the data of games own or behavior sequence that system data is modified, as input method is injected behavior, Remote thread injecting behavior, long-distance inner read-write behavior, the behavior of system core target releasing document, shutdown behavior, load driver program behavior, adds startup item behavior and revised one or more behaviors etc. of main browser page behavior.Plug-in key word is the distinctive key word of plug-in program, as hot game key word or conventional plug-in titles etc. such as plug-in, auxiliary, brush car, brush brills.Should be appreciated that in an embodiment of the present invention, above-mentioned is only exemplary to the explanation of plug-in behavior pattern and plug-in key word, and the present invention is not specifically limited the behavior sequence type in plug-in behavior pattern and the content of plug-in key word.
In an embodiment of the present invention, plug-in program database can be stored in local client, also can be stored in cloud server, and can upgrade according to predetermined period, and wherein, predetermined period can be 1 day, and one week etc., the present invention did not limit this.
S102, if judge that application program is plug-in program, the behavior of monitoring application program in operational process.
In one embodiment of the invention, the behavior of application program in operational process is application program processing operation to data or system in operational process, as Update Table etc.
S103, in the time that the behavior of application program in operational process triggers defence stand, obtains the relation between behavior and the plug-in program that triggers defence stand.
In one embodiment of the invention, be that input method is injected one or more of behavior, Remote thread injecting behavior, long-distance inner read-write behavior and the behavior of system core target releasing document if trigger the behavior of defence stand, the behavior of this triggering defence stand is the necessary behavior that plug-in program is realized its function, can determine that the pass between behavior and the plug-in program of this triggering defence stand is necessity relation; If the behavior of triggering defence stand is one or more in shutdown behavior, load driver program behavior, interpolation startup item behavior and the behavior of modification main browser page, the behavior of this triggering defence stand is the behavior that can cause to system security threat, can determine that the pass between behavior and the plug-in program of this triggering defence stand is non-essential relation.
S104, controls the behavior that triggers defence stand according to the relation between behavior and the plug-in program of triggering defence stand.
In one embodiment of the invention, if the pass between behavior and the plug-in program of triggering defence stand is necessity relation, the behavior that triggers defence stand is tackled; If the pass between behavior and the plug-in program of triggering defence stand is non-essential relation, the behavior that triggers defence stand is let pass.
The control method of the application program of the embodiment of the present invention, can the behavior in monitoring application program operational process in the time judging that application program is plug-in application program, in the time having behavior to trigger defence stand, according to the relation between the behavior and plug-in program, the behavior is controlled, for example, necessity relation is let pass to the behavior if, and non-essential relation is tackled the behavior if.Thereby, guarantee when user normally uses plug-in program the malicious act in plug-in program to tackle, guarantee the security of system of terminal.In addition, can the behavior of plug-in program be given tacit consent to interception or be let pass, avoid plug-in program frequently to trigger defence stand user is caused to harassing and wrecking, promote user and experience.
For control effect that can statistical study application programs, behavior specific aim and validity that can statistical study interception plug-in program, can record the interception operation of the behavior of application programs in operational process, and upload onto the server and analyze.Particularly, Fig. 2 is the process flow diagram of the control method of application program in accordance with another embodiment of the present invention, and as shown in Figure 2, the control method of application program of the present invention comprises:
S201, runs application, and inquires about plug-in program storehouse to judge that whether application program is as plug-in program.
S202, if judge that application program is plug-in program, the behavior of monitoring application program in operational process.
S203, in the time that the behavior of application program in operational process triggers defence stand, obtains the relation between behavior and the plug-in program that triggers defence stand.
In one embodiment of the invention, be that input method is injected one or more of behavior, Remote thread injecting behavior, long-distance inner read-write behavior and the behavior of system core target releasing document if trigger the behavior of defence stand, the behavior of this triggering defence stand is the necessary behavior that plug-in program is realized its function, can determine that the pass between behavior and the plug-in program of this triggering defence stand is necessity relation; If the behavior of triggering defence stand is one or more in shutdown behavior, load driver program behavior, interpolation startup item behavior and the behavior of modification main browser page, the behavior of this triggering defence stand is the behavior that can cause to system security threat, can determine that the pass between behavior and the plug-in program of this triggering defence stand is non-essential relation.
S204, controls the behavior that triggers defence stand according to the relation between behavior and the plug-in program of triggering defence stand.
In one embodiment of the invention, if the pass between behavior and the plug-in program of triggering defence stand is necessity relation, the behavior that triggers defence stand is tackled; If the pass between behavior and the plug-in program of triggering defence stand is non-essential relation, the behavior that triggers defence stand is let pass.
S205, the interception of recording the behavior of application programs in operational process operates and uploads onto the server.
In an embodiment of the present invention, after the record of interception operation is uploaded onto the server, server can carry out statistical study according to the interception operation note of client upload, and is optimized according to the control method of analysis result application programs.
The control method of the application program of the embodiment of the present invention, can the interception operation of the behavior of application programs in operational process will be recorded, and this record is uploaded onto the server, thereby behavior specific aim and validity to interception plug-in program are carried out statistical study, to be further optimized according to the control method of analysis result application programs, thereby improve validity and the specific aim of the control of application program.
In order to realize above-described embodiment, the present invention also proposes a kind of control device of application program.
Fig. 3 is the structural representation of the control device of application program according to an embodiment of the invention.As shown in Figure 3, the control device of this application program comprises: program operation module 110, judge module 120, monitoring module 130, acquisition module 140 and control module 150.
Particularly, program operation module 110 is for running application.
Judge module 120 is for inquiring about plug-in program storehouse to judge that whether application program is as plug-in program.In one embodiment of the invention, judge module 120 can comprise query unit 121 and judging unit 122.More specifically, after program operation module 110 runs application, judge module 120 is hung up this process in the time of the process initiation at this application program place, then inquire about in plug-in program database, whether there is this application program by query unit 121, judging unit 122 is in the time that query unit 121 inquires this application program in plug-in program data base, judge that this application program is plug-in program, judging unit 122, in the time that query unit 121 does not inquire this application program in plug-in program data base, judges that this application program is not plug-in program.Thereby whether program operation module 110 can be that plug-in program carries out again calling this process to continue this application program of operation after mark to this application program according to this application program.
In an embodiment of the present invention, plug-in program database is the database of the numerous plug-in programs composition that identifies in the program from cloud server or network.Particularly, cloud server can be searched doubtful plug-in program by keyword search from the existing program sample of cloud server, or by spiders, webpage is searched for or doubtful plug-in program is monitored to obtain in known plug-in website.Then, obtain respectively the operating environment information of these doubtful plug-in programs, for example, for game plug-in program, obtain corresponding game environment and game operation, and then move these doubtful plug-in programs according to operating environment information simulation, and obtain the key word in pop-up window in behavior sequence in operational process and operational process, if behavior sequence is plug-in behavior pattern and/or key word and plug-in keyword match, this doubtful plug-in program can be defined as to plug-in program.Wherein, plug-in behavior pattern is to the data of games own or behavior sequence that system data is modified, as input method is injected behavior, Remote thread injecting behavior, long-distance inner read-write behavior, the behavior of system core target releasing document, shutdown behavior, load driver program behavior, adds startup item behavior and revised one or more behaviors etc. of main browser page behavior.Plug-in key word is the distinctive key word of plug-in program, as hot game key word or conventional plug-in titles etc. such as plug-in, auxiliary, brush car, brush brills.
In an embodiment of the present invention, plug-in program database can be stored in local client, also can be stored in cloud server, and can upgrade according to predetermined period, and wherein, predetermined period can be 1 day, and one week etc., the present invention did not limit this.
Monitoring module 130 when judging that at judge module application program is plug-in program, the behavior of monitoring application program in operational process.In one embodiment of the invention, the behavior of application program in operational process is application program processing operation to data or system in operational process, as Update Table etc.
Acquisition module 140, for when application program is in the time that the behavior of operational process triggers defence stand, obtains the relation between behavior and the plug-in program that triggers defence stand.In one embodiment of the invention, be that input method is injected one or more of behavior, Remote thread injecting behavior, long-distance inner read-write behavior and the behavior of system core target releasing document if trigger the behavior of defence stand, the behavior of this triggering defence stand is the necessary behavior that plug-in program is realized its function, can determine that the pass between behavior and the plug-in program of this triggering defence stand is necessity relation; If the behavior of triggering defence stand is one or more in shutdown behavior, load driver program behavior, interpolation startup item behavior and the behavior of modification main browser page, the behavior of this triggering defence stand is the behavior that can cause to system security threat, can determine that the pass between behavior and the plug-in program of this triggering defence stand is non-essential relation.
Control module 150 is for controlling the behavior that triggers defence stand according to the relation between behavior and the plug-in program of triggering defence stand.In one embodiment of the invention, control module 150 can comprise interception unit 151 and clearance unit 152.More specifically, interception unit 151, for being necessity while being related to triggering pass between behavior and the plug-in program of defence stand, is tackled the behavior that triggers defence stand; Clearance unit 152 is non-essential while being related to triggering pass between behavior and the plug-in program of defence stand, and the behavior that triggers defence stand is let pass.
The control device of the application program of the embodiment of the present invention, can the behavior in monitoring application program operational process in the time judging that application program is plug-in application program, in the time having behavior to trigger defence stand, according to the relation between the behavior and plug-in program, the behavior is controlled, for example, necessity relation is let pass to the behavior if, and non-essential relation is tackled the behavior if.Thereby, guarantee when user normally uses plug-in program the malicious act in plug-in program to tackle, guarantee the security of system of terminal.In addition, can the behavior of plug-in program be given tacit consent to interception or be let pass, avoid plug-in program frequently to trigger defence stand user is caused to harassing and wrecking, promote user and experience.
Fig. 4 is the structural representation of the control device of application program in accordance with another embodiment of the present invention.As shown in Figure 4, according to the control device of the application program of the embodiment of the present invention, comprising: program operation module 110, judge module 120, monitoring module 130, acquisition module 140, control module 150 and logging modle 160.
Particularly, logging modle 160 operates and uploads onto the server in the interception of the behavior of operational process for recording application programs.In an embodiment of the present invention, after logging modle 160 uploads onto the server the record of interception operation, server can carry out statistical study according to the interception operation note of client upload, and is optimized according to the control method of analysis result application programs.
The control device of the application program of the embodiment of the present invention, can the interception operation of the behavior of application programs in operational process will be recorded, and this record is uploaded onto the server, thereby behavior specific aim and validity to interception plug-in program are carried out statistical study, to be further optimized according to the control method of analysis result application programs, thereby improve validity and the specific aim of the control of application program.
In order to realize above-described embodiment, the present invention also proposes a kind of control system of application program.
Fig. 5 is the structural representation of the control system of application program according to an embodiment of the invention.As shown in Figure 5, the control system of this application program comprises: the application program controlling device 100 of the embodiment of third aspect present invention; And server 300, wherein, server 300 comprises plug-in program storehouse.
In an embodiment of the present invention, server 300 can be same server with the server of fourth aspect present invention embodiment, also can be different servers.
The control system of the application program of the embodiment of the present invention, can judge whether application program is plug-in program by the plug-in program storehouse in querying server, and the behavior in monitoring application program operational process in the time judging that application program is plug-in application program, in the time having behavior to trigger defence stand, according to the relation between the behavior and plug-in program, the behavior is controlled, for example, necessity relation is let pass to the behavior if, and non-essential relation is tackled the behavior if.Thereby, guarantee when user normally uses plug-in program the malicious act in plug-in program to tackle, guarantee the security of system of terminal.In addition, can the behavior of plug-in program be given tacit consent to interception or be let pass, avoid plug-in program frequently to trigger defence stand user is caused to harassing and wrecking, promote user and experience.
Any process of otherwise describing in process flow diagram or at this or method are described and can be understood to, represent to comprise that one or more is for realizing module, fragment or the part of code of executable instruction of step of specific logical function or process, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by contrary order, carry out function, this should be understood by embodiments of the invention person of ordinary skill in the field.
The logic and/or the step that in process flow diagram, represent or otherwise describe at this, for example, can be considered to the sequencing list of the executable instruction for realizing logic function, may be embodied in any computer-readable medium, use for instruction execution system, device or equipment (as computer based system, comprise that the system of processor or other can and carry out the system of instruction from instruction execution system, device or equipment instruction fetch), or use in conjunction with these instruction execution systems, device or equipment.With regard to this instructions, " computer-readable medium " can be anyly can comprise, device that storage, communication, propagation or transmission procedure use for instruction execution system, device or equipment or in conjunction with these instruction execution systems, device or equipment.The example more specifically (non-exhaustive list) of computer-readable medium comprises following: the electrical connection section (electronic installation) with one or more wirings, portable computer diskette box (magnetic device), random-access memory (ram), ROM (read-only memory) (ROM), the erasable ROM (read-only memory) (EPROM or flash memory) of editing, fiber device, and portable optic disk ROM (read-only memory) (CDROM).In addition, computer-readable medium can be even paper or other the suitable medium that can print described program thereon, because can be for example by paper or other media be carried out to optical scanning, then edit, decipher or process in electronics mode and obtain described program with other suitable methods if desired, be then stored in computer memory.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple steps or method can realize with being stored in software or the firmware carried out in storer and by suitable instruction execution system.For example, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: there is the discrete logic for data-signal being realized to the logic gates of logic function, there is the special IC of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is can carry out the hardware that instruction is relevant by program to complete, described program can be stored in a kind of computer-readable recording medium, this program, in the time carrying out, comprises step of embodiment of the method one or a combination set of.
In addition, the each functional unit in each embodiment of the present invention can be integrated in a processing module, can be also that the independent physics of unit exists, and also can be integrated in a module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.If described integrated module realizes and during as production marketing independently or use, also can be stored in a computer read/write memory medium using the form of software function module.
The above-mentioned storage medium of mentioning can be ROM (read-only memory), disk or CD etc.
In the description of this instructions, the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means to be contained at least one embodiment of the present invention or example in conjunction with specific features, structure, material or the feature of this embodiment or example description.In this manual, the schematic statement of above-mentioned term is not necessarily referred to identical embodiment or example.And specific features, structure, material or the feature of description can be with suitable mode combination in any one or more embodiment or example.
Although illustrated and described embodiments of the invention, those having ordinary skill in the art will appreciate that: in the situation that not departing from principle of the present invention and aim, can carry out multiple variation, modification, replacement and modification to these embodiment, scope of the present invention is by claim and be equal to and limit.
Claims (11)
1. a control method for application program, is characterized in that, comprising:
Run application, and inquire about plug-in program storehouse to judge that whether described application program is as plug-in program;
If judge that described application program is plug-in program, monitors the behavior of described application program in operational process;
In the time that the behavior of described application program in operational process triggers defence stand, obtain the relation between behavior and the described plug-in program that triggers described defence stand; And
According to the relation between the behavior of the described defence stand of described triggering and described plug-in program, the behavior of the described defence stand of described triggering is controlled.
2. the method for claim 1, is characterized in that, described inquiry plug-in program storehouse is to judge that described application program is whether as plug-in program specifically comprises:
Inquire about in described plug-in program storehouse and whether have described application program;
If there is described application program, judge that described application program is plug-in program;
If there is no described application program, judges that described application program is not plug-in program.
3. method as claimed in claim 1 or 2, is characterized in that, described in obtain the relation triggering between behavior and the described plug-in program of described defence stand and specifically comprise:
If the behavior of the described defence stand of described triggering is input method injection behavior, Remote thread injecting behavior, long-distance inner read-write behavior and the behavior of system core target releasing document one or more, the pass between behavior and the described plug-in program of definite described defence stand of described triggering is necessity relation;
If the behavior of the described defence stand of described triggering is one or more in shutdown behavior, load driver program behavior, interpolation startup item behavior and the behavior of modification main browser page, the pass between behavior and the described plug-in program of definite described defence stand of described triggering is non-essential relation.
4. method as claimed in claim 1 or 2, is characterized in that, describedly according to the relation between the behavior of the described defence stand of described triggering and described plug-in program, the behavior of the described defence stand of described triggering is controlled specifically and is comprised:
If the pass between behavior and the described plug-in program of the described defence stand of described triggering is necessity relation, the behavior of the described defence stand of described triggering is tackled;
If the pass between behavior and the described plug-in program of the described defence stand of described triggering is non-essential relation, the behavior of the described defence stand of described triggering is let pass.
5. method as claimed in claim 1 or 2, is characterized in that, also comprises:
The interception of record behavior in operational process to described application program operates and uploads onto the server.
6. a control device for application program, is characterized in that, comprising:
Program operation module, for running application;
Judge module, for inquiring about plug-in program storehouse to judge that whether described application program is as plug-in program;
Monitoring module, in the time that described judge module judges that described application program is plug-in program, monitors the behavior of described application program in operational process;
Acquisition module, for when described application program is in the time that the behavior of operational process triggers defence stand, obtains the relation between behavior and the described plug-in program that triggers described defence stand; And
Control module, for controlling the behavior of the described defence stand of described triggering according to the relation between the behavior of the described defence stand of described triggering and described plug-in program.
7. device as claimed in claim 6, is characterized in that, described judge module specifically comprises:
Whether query unit, there is described application program for inquiring about described plug-in program storehouse;
Judging unit, for in the time that described query unit inquires described application program in described plug-in program storehouse, judge that described application program is plug-in program, and in the time that described query unit does not inquire described application program in described plug-in program storehouse, judge that described application program is not plug-in program.
8. the device as described in claim 6 or 7, is characterized in that, described acquisition module specifically for:
Be input method while injecting one or more of behavior, Remote thread injecting behavior, long-distance inner read-write behavior and the behavior of system core target releasing document in the behavior of the described defence stand of described triggering, determine that the pass between behavior and the described plug-in program of the described defence stand of described triggering is necessity relation;
Be shutdown behavior, load driver program behavior in the behavior of the described defence stand of described triggering, when adding startup item behavior and revising one or more in main browser page behavior, determine that the pass between behavior and the described plug-in program of the described defence stand of described triggering is non-essential relation.
9. the device as described in claim 6 or 7, is characterized in that, described control module specifically comprises:
Interception unit, is necessity while being related to for the pass between behavior and the described plug-in program of the described defence stand of described triggering, and the behavior of the described defence stand of described triggering is tackled;
Clearance unit, is non-essential while being related to for the pass between behavior and the described plug-in program of the described defence stand of described triggering, and the behavior of the described defence stand of described triggering is let pass.
10. the device as described in claim 6 or 7, is characterized in that, also comprises:
Logging modle, operates and uploads onto the server in the interception of the behavior of operational process described application program for recording.
The control system of 11. 1 kinds of application programs, is characterized in that, comprising:
The control device of the application program as described in claim 6-10; And.
Server, wherein, described server comprises plug-in program storehouse.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410067493.0A CN103824015B (en) | 2014-02-26 | 2014-02-26 | Application program control method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410067493.0A CN103824015B (en) | 2014-02-26 | 2014-02-26 | Application program control method, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103824015A true CN103824015A (en) | 2014-05-28 |
| CN103824015B CN103824015B (en) | 2017-05-24 |
Family
ID=50759071
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410067493.0A Active CN103824015B (en) | 2014-02-26 | 2014-02-26 | Application program control method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103824015B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105607934A (en) * | 2015-12-24 | 2016-05-25 | 北京奇虎科技有限公司 | Application processing method and terminal |
| CN106775986A (en) * | 2016-12-26 | 2017-05-31 | 努比亚技术有限公司 | A kind of process management method and electronic equipment |
| CN110928595A (en) * | 2018-08-31 | 2020-03-27 | 北京搜狗科技发展有限公司 | Permission operation method and device |
| CN113407804A (en) * | 2021-07-14 | 2021-09-17 | 杭州雾联科技有限公司 | External hanging accurate marking and identifying method and device based on crawler |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130024944A1 (en) * | 2010-01-13 | 2013-01-24 | Nec Corporation | Confidential information leakage prevention system, confidential information leakage prevention method and confidential information leakage prevention program |
| CN102902924A (en) * | 2012-09-29 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for detecting behavior feature of file |
| CN102945344A (en) * | 2012-10-17 | 2013-02-27 | 北京奇虎科技有限公司 | Background switching service processing method and system |
-
2014
- 2014-02-26 CN CN201410067493.0A patent/CN103824015B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130024944A1 (en) * | 2010-01-13 | 2013-01-24 | Nec Corporation | Confidential information leakage prevention system, confidential information leakage prevention method and confidential information leakage prevention program |
| CN102902924A (en) * | 2012-09-29 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for detecting behavior feature of file |
| CN102945344A (en) * | 2012-10-17 | 2013-02-27 | 北京奇虎科技有限公司 | Background switching service processing method and system |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105607934A (en) * | 2015-12-24 | 2016-05-25 | 北京奇虎科技有限公司 | Application processing method and terminal |
| CN106775986A (en) * | 2016-12-26 | 2017-05-31 | 努比亚技术有限公司 | A kind of process management method and electronic equipment |
| CN106775986B (en) * | 2016-12-26 | 2020-09-01 | 努比亚技术有限公司 | Process management method and electronic equipment |
| CN110928595A (en) * | 2018-08-31 | 2020-03-27 | 北京搜狗科技发展有限公司 | Permission operation method and device |
| CN110928595B (en) * | 2018-08-31 | 2024-02-02 | 北京搜狗科技发展有限公司 | Authority operation method and device |
| CN113407804A (en) * | 2021-07-14 | 2021-09-17 | 杭州雾联科技有限公司 | External hanging accurate marking and identifying method and device based on crawler |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103824015B (en) | 2017-05-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104268055B (en) | The monitoring method and device of a kind of program exception | |
| US11086983B2 (en) | System and method for authenticating safe software | |
| CN108667855B (en) | Network flow abnormity monitoring method and device, electronic equipment and storage medium | |
| CN104573515A (en) | Virus processing method, device and system | |
| CN102882875B (en) | Active defense method and device | |
| CN102438001B (en) | Access filtering device and access filtering method | |
| CN103617395A (en) | Method, device and system for intercepting advertisement programs based on cloud security | |
| CN105205413B (en) | A kind of guard method of data and device | |
| US20150101055A1 (en) | Method, system and terminal device for scanning virus | |
| CN103020524A (en) | Computer virus monitoring system | |
| CN103825780A (en) | Tag-on program identification method, service and system | |
| CN111125688B (en) | Process control method and device, electronic equipment and storage medium | |
| CN103019687A (en) | Method and device for displaying pop window information | |
| CN103824015A (en) | Application program control method, device and system | |
| CN105446864A (en) | Method and device for verifying influence of deletion of cache file and mobile terminal | |
| CN105005735A (en) | Downloading management method and downloading management device | |
| CN102194073A (en) | Scanning method and device of antivirus software | |
| CN104881291A (en) | Control method and device of default browser and terminal | |
| CN111191243A (en) | Vulnerability detection method and device and storage medium | |
| CN104050257A (en) | Detection method and device for phishing webpage | |
| CN104217162A (en) | Method and system for detecting malicious software in smart terminal | |
| CN103136477B (en) | The scan method of paper sample and system | |
| CN106325993A (en) | Freezing method of application program and terminal | |
| CN106302531B (en) | Safety protection method and device and terminal equipment | |
| CN101950339B (en) | Security protection method and system of computer |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20181211 Address after: 519030 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Patentee after: Zhuhai Seal Interest Technology Co., Ltd. Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong. Patentee before: Zhuhai Juntian Electronic Technology Co.,Ltd. |