+

WO2016015680A1 - Procédé et appareil de détection de sécurité pour fenêtre d'entrée d'un terminal mobile - Google Patents

Procédé et appareil de détection de sécurité pour fenêtre d'entrée d'un terminal mobile Download PDF

Info

Publication number
WO2016015680A1
WO2016015680A1 PCT/CN2015/085802 CN2015085802W WO2016015680A1 WO 2016015680 A1 WO2016015680 A1 WO 2016015680A1 CN 2015085802 W CN2015085802 W CN 2015085802W WO 2016015680 A1 WO2016015680 A1 WO 2016015680A1
Authority
WO
WIPO (PCT)
Prior art keywords
window
feature information
security
mobile terminal
feature
Prior art date
Application number
PCT/CN2015/085802
Other languages
English (en)
Chinese (zh)
Inventor
孟齐源
高祎玮
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京奇虎科技有限公司, 奇智软件(北京)有限公司 filed Critical 北京奇虎科技有限公司
Publication of WO2016015680A1 publication Critical patent/WO2016015680A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Definitions

  • the present invention relates to the field of Internet security, and in particular to a security detection method and a security detection apparatus for an input window of a mobile terminal.
  • the information security of mobile terminals involves the confidentiality of user information, the security of user funds and the security of payment information.
  • a common method is to use a static or dynamic feature of a mobile application software to match a preset feature database to identify a mobile application software for detection. It is a blacklist or a whitelist, where the whitelist refers to the list of normal applications that have been verified, and the blacklist refers to the list that has been confirmed as a malicious application.
  • the update speed of the existing preset feature library cannot meet the detection requirements of the newly appearing application, thereby causing some mobile applications that cannot be discriminated, thereby failing to achieve real-time effective protection of the mobile.
  • the purpose of the terminal's information security is to use a static or dynamic feature of a mobile application software to match a preset feature database to identify a mobile application software for detection. It is a blacklist or a whitelist, where the whitelist refers to the list of normal applications that have been verified, and the blacklist refers to the list that has been confirmed as a malicious application.
  • the present invention has been made in order to provide a security detecting apparatus for a mobile terminal input window that overcomes the above problems or at least partially solves the above problems, and a security detecting method of a corresponding mobile terminal input window.
  • a further object of the present invention is to make it possible to determine whether there is a security risk of stealing user information through the display window, and to ensure user information security.
  • Another further object of the present invention is to make full use of various elements of the display window for judgment to ensure the accuracy of the detection.
  • a security detection method based on a mobile terminal interface window comprises: determining a window to be inspected on the display interface of the mobile terminal; extracting feature information of at least one element in the window to be inspected; and performing feature matching on the feature information using the preset feature information database
  • the element matching result is determined; the security type of the to-be-checked window is determined according to the element matching result, wherein the feature information library pre-stores element feature information of the payment class software class window and/or element feature information of the window of the malicious sample.
  • a security detecting apparatus for a mobile terminal input window.
  • the security detecting device includes an interface monitoring module, and is adapted to determine that a window to be inspected is generated on the display interface of the mobile terminal; the feature information extracting module is adapted to extract feature information of at least one element in the window to be inspected; Feature matching is performed on the feature information in the preset feature information library, and the matching result of the element is obtained, and the security type of the to-be-checked window is determined according to the element matching result, wherein the feature information library pre-stores the elements of the payment-type software class window. Feature information and/or element feature information of a window of a malicious sample.
  • a computer program comprising computer readable code that, when executed on a computing device, causes the computing device to perform the above-described mobile terminal interface window based security Detection method.
  • a computer readable medium wherein the computer program described above is stored.
  • the security detection method of the input window of the mobile terminal of the present invention uses the to-be-checked window appearing on the display interface to perform matching of the window element features to determine whether the window to be inspected is disguised as a display window of the security application software, thereby preventing malicious programs from camouflaging through the window.
  • the method intercepts user information and improves user information security.
  • the security detection method of the input window of the mobile terminal of the present invention can be detected by using white sample feature matching and black sample feature matching, and can determine that the to-be-checked window is a security window, and can also determine that the to-be-checked window is a malicious window. Improve the accuracy of security testing.
  • FIG. 1 is a schematic block diagram of a security detecting apparatus of a mobile terminal input window according to an embodiment of the present invention
  • FIG. 2 is a diagram showing an application environment of a security detecting apparatus of a mobile terminal input window according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a security detection method based on a mobile terminal interface window according to an embodiment of the present invention
  • FIG. 4 is an optional flowchart of a security detection method based on a mobile terminal interface window according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram of a to-be-checked window in a security detection method based on a mobile terminal interface window according to an embodiment of the present invention
  • FIG. 6 is a block diagram schematically showing a computing device for performing a mobile terminal interface window based security detection method in accordance with the present invention
  • Fig. 7 schematically shows a storage unit for holding or carrying program code implementing a mobile terminal interface window based security detection method according to the present invention.
  • the security detecting device 100 of the mobile terminal input window may generally include: an interface monitoring module 110, a feature information extracting module 120, and a feature matching module 130, and the components may be based on the function and environment of the security detecting device 100 of the mobile terminal input window.
  • Flexible configuration in some preferred embodiments, more functions can be achieved by adding components, and different technical effects are achieved.
  • the setting process scanning module 140 and the security prompt module 150 can also be added.
  • the feature matching module 130 is further added.
  • An optional structure includes a white sample matching sub-module 132, a black sample matching sub-module 134, and an information uploading sub-module 136.
  • the interface monitoring module 110 may be adapted to determine that a window to be inspected is generated on the display interface of the mobile terminal, and an optional process is to detect a process change in the mobile terminal. The determination process generates a new window on the mobile terminal display interface. Detecting processes in the mobile terminal can utilize the main defense technology to inject into the system process to obtain the process generation window.
  • the interface monitoring module 110 may use a window with an input box as a window to be inspected.
  • the feature information extraction module 120 extracts feature information of at least one element in the to-be-checked window.
  • the element of the element to-be-checked window of the general display window includes at least one of the following: an input box, a title bar, a label, a menu, an operation button, correspondingly, a feature.
  • the feature information extracted by the information extraction module 120 may include one or more of text content, location information, link address, and element type of the above elements.
  • the feature matching module 130 may perform feature matching on the feature information in the preset feature information library to obtain a matching result of the element, and determine a security type of the to-be-checked window according to the element matching result.
  • the feature information base pre-stores the feature information of the element of the payment class software class window and/or the element feature information of the window of the malicious sample.
  • the element feature information of the payment class software window pre-stored by the feature information library includes: payment type software
  • the element feature information of the login window, the element feature information of the account binding window of the payment software, and the element feature information of the payment window of the payment class software are used to match the feature information of the element of the payment class software class window as a white sample.
  • the element feature information of the window of the malicious sample may extract the feature of the element of the window of the reported malicious sample as the matching basis of the black sample.
  • the white sample matching sub-module 132 may extract the payment keyword included in the text content of the element in the to-be-checked window, determine the corresponding payment-type software according to the payment keyword, and select the feature information and the feature information library of the element of the to-be-checked window. The window element feature information of the corresponding payment software is compared. If the comparison result is consistent, the window to be checked is determined to be a security window.
  • the security detecting apparatus 100 of the mobile terminal input window of the present embodiment can perform normal operations without any intervention by the user.
  • the black sample matching sub-module 134 may match the feature information of the to-be-detected window with the element feature information of the window of the malicious sample in the feature information library, and if a match occurs, determine that the to-be-checked window is a malicious window. For malicious windows, if the user enters account information and other content, it may be intercepted, resulting in information leakage, so Report to the user and take the necessary action. For example, the prompt information corresponding to the security type is output on the mobile terminal display interface by the security prompt module 150.
  • the above information matching process may be performed on the terminal side, or may be matched in the cloud by using cloud technology.
  • the information uploading sub-module 136 is used to upload the feature information to the security analysis server, and the preset feature information preset in the security analysis server is utilized.
  • the library performs the process of matching the above information.
  • a specific configuration manner is that a database is preset on the terminal side and the network side for feature matching of window elements to be applicable to different usage environments.
  • the process scanning module 140 may perform a security scan on the process of generating the window to determine the sample type of the process; the scan result of the feature information extraction module 130 in the process scan module is any that the process does not belong to a known security process or a known dangerous process.
  • the step of extracting the feature information of at least one element in the window is performed. That is to say, the filtering is first performed by means of process detection, and the step of performing feature matching of the window elements is performed only when the process detection cannot determine the security.
  • the security detecting apparatus 100 of the mobile terminal input window of the present embodiment may be disposed in various types of mobile terminals 10, such as a smart phone. , tablets, handheld computers, etc.
  • the mobile terminal 10 can be operated in an operating system such as Android.
  • the security detecting device 100 of the mobile terminal input window of the embodiment determines the window to be inspected on the display interface of the mobile terminal by using the process of the above operating system, and uses the preset.
  • the feature information library in which the window element feature is saved in the mobile terminal performs feature matching.
  • the above-mentioned feature information database is sent by the security analysis server 30 through the mobile network 20.
  • the security detection device 100 of the mobile terminal input window can also upload the feature information of the extracted elements of the to-be-detected window through the mobile network 20, by security.
  • the analysis server 30 presets a feature information library in which the window element feature is stored in the mobile terminal to perform feature matching, and delivers the matching result to the mobile terminal 10, and prompts the malicious window.
  • FIG. 3 is a schematic diagram of a security detection method based on a mobile terminal interface window according to an embodiment of the present invention. As shown in the figure, the security detection method based on a mobile terminal interface window includes the following steps:
  • Step S302 determining that a window to be inspected appears on the display interface of the mobile terminal
  • Step S304 extracting feature information of at least one element in the to-be-checked window
  • Step S306 performing feature matching on the feature information by using a preset feature information database to obtain an element matching result
  • Step S308 determining a security type of the to-be-checked window according to the element matching result.
  • step S302 may determine that a window to be detected appears by detecting a process change in the mobile terminal, and specifically, detecting a process change in the mobile terminal to determine that the process generates a new window on the display interface of the mobile terminal.
  • the process of detecting the process in the mobile terminal can be injected into the system process by using the main defense technology to obtain the process generation window.
  • One technical problem to be solved by the present embodiment is to prevent account information or support input by the user.
  • the payment information is intercepted, so the above-mentioned to-be-checked window may be specifically a window with an input box, especially if the type of the input box is a password box.
  • the text in the title bar of the newly appeared window includes the following keywords: "fast payment”, “Alipay payment”, “WeChat payment”, “mobile payment”, “mobile banking”, etc., the window needs to be used as The window to be checked.
  • the element of the element to be inspected window of the general display window includes at least one of the following: an input box, a title bar, a label, a menu, an operation button, and the feature information extracted in step S304 may include text content, location information, link address, and element of the above element.
  • an input box a title bar, a label, a menu, an operation button
  • the feature information extracted in step S304 may include text content, location information, link address, and element of the above element.
  • the feature information library used in step S306 pre-stores element feature information of the payment class software class window and/or element feature information of the window of the malicious sample, that is, both the security window and the danger window can be identified, and the check window is non-black. That is, the white detection measurement.
  • step S306 may include performing any one or both of the matching methods of white sample feature matching and black sample feature matching on the feature information.
  • the element feature information of the payment type software window pre-stored by the feature information database includes the following: element feature information of the login window of the payment type software, element feature information of the account binding window of the payment type software, and a payment window of the payment type software. Elemental feature information.
  • the process of performing white sample feature matching in step S306 may be: extracting a payment keyword included in the text content of the element in the to-be-checked window, determining a corresponding payment type software according to the payment keyword; and selecting feature information and characteristics of the element of the to-be-checked window The window element feature information of the corresponding payment software in the information base is compared. If the comparison result is consistent, it is determined that the to-be-checked window is a security window.
  • a specific example is that the text in the title bar of the window is “WeChat Payment”, and the element feature of the window is matched with the element feature of the payment interface in the WeChat client. If the matching is successful, the window to be checked can be confirmed as WeChat payment. Window, otherwise the window to be inspected can be considered as a malicious window or needs further testing.
  • Step S306 Performing a black sample feature matching on the feature information includes: matching feature information of the to-be-detected window with element feature information of a window of the malicious sample in the feature information database, and if a match occurs, determining that the to-be-checked window is malicious window.
  • the prompt information corresponding to the security type may be output on the display interface of the mobile terminal to remind the user.
  • the malicious window can also be processed, for example, the window is blocked, the input box is grayed out in an uninputable state, and the user is prevented from performing an operation. If the user's reminder information is ignored, the window is restored. .
  • the security detection method of the input window of the mobile terminal of the present embodiment can also upload the feature information to the security analysis server and receive the certificate sent by the security analysis server, in addition to performing the black and white sample feature matching using the feature information library preset on the mobile terminal. Feature matching results, so that the big data on the network side is used for matching, and the obtained result is more accurate.
  • the virus detection system of the mobile terminal may also be used to detect the sample of the process, for example, a security scan of the process of generating the window to determine the sample type of the process; when the process is not a known security process or a known danger When any of the processes is performed, then step S304 is performed. That is to say, the filtering is first performed by means of process detection, and the step of performing feature matching of the window elements is performed only when the process detection cannot determine the security.
  • FIG. 4 is an optional flowchart of a method for detecting security based on a mobile terminal interface window according to an embodiment of the present invention, where the process includes:
  • Step S402 determining to generate a new pending window on the display interface of the mobile terminal
  • Step S404 using the virus master defense software of the mobile terminal to determine whether the process of generating the window is a known security process, if the window is allowed to operate normally, if not, perform step S406;
  • Step S406 using the virus main prevention software of the mobile terminal to determine whether the process of generating the window is a known malicious process, if the user is prompted for security, and performing corresponding security operations (such as ending the process, deleting the file, putting the quarantine area, etc.) If no, it indicates that the process security cannot be determined, and the subsequent window element feature matching is required;
  • Step S408 it is determined whether the newly generated window has an input box, and if it is indicated that the window is only a content display window, the detection may not be performed;
  • Step S410 determining that the window is a window to be inspected
  • step S412 the feature of the window element is extracted, and specifically includes the following contents: text content, location information, link address, element, and the like of the input box, the title bar, the label, the menu, the operation button, and the like.
  • Step S414 using the features of the white sample window element to perform matching, if the matching is successful, if the window is allowed to run normally;
  • Step S416 using the features of the black sample window element to perform matching, if the matching is unsuccessful, the element feature may be uploaded to the security analysis server for further analysis;
  • Step S418, prompting the window security risk, and performing security precautions on the window for example, shielding the window, graying the input box to be in an uninputable state, and the like, preventing the user from performing operations and leaking personal information.
  • the above prompt window can prompt the security risks of the window, and can also provide operation options to the user, such as uninstalling related applications, uploading security detection results, ignoring prompts, etc., so that the user can judge and perform corresponding operations.
  • determining the similarity degree of the interface of the client for example, when the dialog box pops up, the feature of the element in the dialog box (category of the prompt box, title bar) can be determined. For example, if the title bar prompts Taobao Alipay to log in, there is no suggestion box in the interface bar, is it a password box.
  • the feature string of the element After extracting the feature string of the element, it can be identified according to the input box and the text in the interface, and a decision model is established to determine whether it is a payment or other financial interface (for example, a login box similar to Taobao and WeChat, whether it is WeChat Alipay binds the interface of the bank card).
  • a payment or other financial interface for example, a login box similar to Taobao and WeChat, whether it is WeChat Alipay binds the interface of the bank card.
  • the elements of the extraction window can be performed in a script-like language, combined with the determination rules to determine the shape of the frame of the Android system display interface, and the signature of the existing package name is compared with the existing one.
  • the identification of the security detection method based on the interface window of the mobile terminal in this embodiment can make up for the shortcoming that the update speed cannot meet the requirements.
  • FIG. 5 is a schematic diagram of a to-be-checked window based on a security detection method of a mobile terminal interface window according to an embodiment of the present invention.
  • the main defense engine first determines to generate the window.
  • the security type of the client of the window for example, matching the package name and the permission information feature. If the window belongs to a white sample, the window can be made to run normally. If the window belongs to a black sample, the user needs to be reminded of the security risk and provide corresponding Security options (such as prompt uninstallation, blocking the popup of the application, etc.), if the client's security type cannot be determined, extract the title bar, label, and input box type. In the title bar of Figure 5, please enter the payment.
  • Password and the amount and bank card information also appear in the label.
  • the characteristics (position, link address, text) of the above elements and the black and white window elements in the feature library are required.
  • Matching features if it is determined that the features are known secure payment windows, allowing the window to function properly, if it is determined that the features match the features of the black sample masquerading as a payment window, then the risk is indicated on the window display interface, and Set the input box to be unreadable before the user can proceed further. Thereby, the account information input by the user is prevented from being intercepted and the loss is caused.
  • the security detection method based on the mobile terminal interface window of the present embodiment utilizes the to-be-checked window appearing on the display interface to perform matching of the window element features, thereby preventing the malicious program from intercepting the user information through the window masquerading method, thereby improving user information security.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any such disclosure may be employed in any combination.
  • the method or all of the processes or units of the device are combined.
  • Each of the feature information disclosed in the specification (including the accompanying claims, the abstract, and the drawings) may be replaced by alternative feature information providing the same, equivalent, or similar purpose, unless otherwise explicitly stated.
  • the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or some of the components of a mobile terminal interface window based security detection device in accordance with an embodiment of the present invention or All features.
  • the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
  • FIG. 6 illustrates a computing device that can implement a mobile terminal interface window based security detection method in accordance with the present invention.
  • the computing device conventionally includes a processor 610 and a computer program product or computer readable medium in the form of a memory 620.
  • the memory 620 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, a hard disk, or a ROM.
  • Memory 620 has a memory space 630 for program code 631 for performing any of the method steps described above.
  • storage space 630 for program code may include various program code 631 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • Such computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG.
  • the storage unit may have storage segments, storage spaces, and the like that are similarly arranged to memory 620 in the computing device of FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit includes computer readable code 631', ie, code readable by a processor, such as 610, that when executed by a computing device causes the computing device to perform each of the methods described above step.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • User Interface Of Digital Computer (AREA)
  • Telephone Function (AREA)

Abstract

La présente invention concerne un procédé et un appareil de détection de sécurité pour fenêtre d'entrée d'un terminal mobile. Le procédé de détection de sécurité sur la base d'une fenêtre d'interface d'un terminal mobile comprend les étapes consistant à : déterminer qu'une fenêtre devant être détectée apparaît sur une interface d'affichage d'un terminal mobile (S302) ; extraire des informations sur les caractéristiques relatives à au moins un élément dans la fenêtre devant être détectée (S304) ; utiliser une base d'informations sur les caractéristiques prédéfinie pour effectuer une mise en correspondance des caractéristiques sur les informations sur les caractéristiques de manière à obtenir un résultat de mise en correspondance d'éléments (S306) ; et déterminer le type de sécurité de la fenêtre devant être détectée en fonction du résultat de la mise en correspondance d'éléments, la base d'informations sur les caractéristiques prémémorisant les informations sur les caractéristiques des éléments relatives à une fenêtre d'un type de logiciel de paiement et/ou les informations sur les caractéristiques des éléments relatives à une fenêtre d'un échantillon malveillant. Le procédé et l'appareil peuvent procéder à une mise en correspondance de caractéristiques d'éléments de fenêtre en utilisant une fenêtre devant être détectée sur une interface d'affichage de manière à prévenir le cas dans lequel un programme malveillant intercepte des informations sur l'utilisateur au moyen d'un camouflage de fenêtre, ce qui accroît la sécurité des informations sur l'utilisateur.
PCT/CN2015/085802 2014-08-01 2015-07-31 Procédé et appareil de détection de sécurité pour fenêtre d'entrée d'un terminal mobile WO2016015680A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410377593.3 2014-08-01
CN201410377593.3A CN104182687B (zh) 2014-08-01 2014-08-01 移动终端输入窗口的安全检测方法和安全检测装置

Publications (1)

Publication Number Publication Date
WO2016015680A1 true WO2016015680A1 (fr) 2016-02-04

Family

ID=51963719

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/085802 WO2016015680A1 (fr) 2014-08-01 2015-07-31 Procédé et appareil de détection de sécurité pour fenêtre d'entrée d'un terminal mobile

Country Status (2)

Country Link
CN (1) CN104182687B (fr)
WO (1) WO2016015680A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10565368B2 (en) 2015-07-21 2020-02-18 Samsung Electronics Co., Ltd. Electronic device and method of controlling same
CN112084501A (zh) * 2020-09-18 2020-12-15 珠海豹趣科技有限公司 一种恶意程序的检测方法、装置、电子设备及存储介质
CN114186124A (zh) * 2021-11-22 2022-03-15 北京达佳互联信息技术有限公司 信息推送方法、装置、电子设备及存储介质
CN116051868A (zh) * 2023-03-31 2023-05-02 山东大学 一种面向windows系统的界面元素识别方法

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104182687B (zh) * 2014-08-01 2016-10-05 北京奇虎科技有限公司 移动终端输入窗口的安全检测方法和安全检测装置
CN104881319B (zh) * 2015-05-14 2018-07-27 北京奇虎科技有限公司 一种跨进程的数据处理方法和装置
CN107153790A (zh) * 2016-03-04 2017-09-12 北京众思铭信息技术有限公司 移动终端安全防护方法、装置及移动终端
CN105930720A (zh) * 2016-05-05 2016-09-07 北京元心科技有限公司 一种实现与设备安全人机交互的方法和系统
CN107562474A (zh) * 2017-08-29 2018-01-09 努比亚技术有限公司 一种应用程序的界面过滤方法、终端及计算机可读存储介质
CN108133137B (zh) * 2017-12-13 2021-11-23 北京奇虎科技有限公司 智能终端中的界面安全性检测方法和装置
CN108108618B (zh) * 2017-12-28 2021-05-25 中国信息通信研究院 伪造攻击的应用界面检测方法及装置
CN109302338B (zh) * 2018-08-31 2022-04-19 南昌努比亚技术有限公司 智能风险提示方法、移动终端及计算机可读存储介质
CN110018957B (zh) * 2019-02-14 2024-04-09 创新先进技术有限公司 一种资损核对脚本检测方法及装置
CN109992472A (zh) * 2019-02-25 2019-07-09 努比亚技术有限公司 一种界面监测方法、终端及计算机可读存储介质
CN110309647B (zh) * 2019-06-28 2022-02-25 北京乐蜜科技有限责任公司 针对应用程序的处理方法、装置、电子设备及存储介质
CN111949356A (zh) * 2020-08-17 2020-11-17 联想(北京)有限公司 弹窗处理方法、装置及电子设备
CN112905890B (zh) * 2021-03-04 2024-10-11 深信服科技股份有限公司 一种待拦截窗口识别方法、装置、设备及存储介质

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102592067A (zh) * 2011-01-17 2012-07-18 腾讯科技(深圳)有限公司 一种网页识别方法、装置及系统
CN102622553A (zh) * 2012-04-24 2012-08-01 腾讯科技(深圳)有限公司 检测网页安全的方法及装置
CN102737183A (zh) * 2012-06-12 2012-10-17 腾讯科技(深圳)有限公司 网页安全访问的方法及装置
US8468597B1 (en) * 2008-12-30 2013-06-18 Uab Research Foundation System and method for identifying a phishing website
CN103390128A (zh) * 2013-08-01 2013-11-13 贝壳网际(北京)安全技术有限公司 页面的标注方法、装置与终端设备
CN103795703A (zh) * 2011-04-18 2014-05-14 北京奇虎科技有限公司 一种保证用户网络安全性的方法及客户端
CN103825866A (zh) * 2012-11-19 2014-05-28 腾讯科技(深圳)有限公司 一种登录安全检测方法和装置
CN104021467A (zh) * 2014-06-12 2014-09-03 北京奇虎科技有限公司 保护移动终端支付安全的方法和装置以及移动终端
CN104021339A (zh) * 2014-06-10 2014-09-03 北京奇虎科技有限公司 移动终端的安全支付方法及装置
CN104134143A (zh) * 2014-07-15 2014-11-05 北京奇虎科技有限公司 移动支付安全的保护方法、装置及云服务器
CN104182687A (zh) * 2014-08-01 2014-12-03 北京奇虎科技有限公司 移动终端输入窗口的安全检测方法和安全检测装置

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8631330B1 (en) * 2009-08-16 2014-01-14 Bitdefender IPR Management Ltd. Security application graphical user interface customization systems and methods
CN102968590B (zh) * 2012-10-23 2015-08-05 北京奇虎科技有限公司 弹窗抑制方法和系统
CN103368957B (zh) * 2013-07-04 2017-03-15 北京奇虎科技有限公司 对网页访问行为进行处理的方法及系统、客户端、服务器

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8468597B1 (en) * 2008-12-30 2013-06-18 Uab Research Foundation System and method for identifying a phishing website
CN102592067A (zh) * 2011-01-17 2012-07-18 腾讯科技(深圳)有限公司 一种网页识别方法、装置及系统
CN103795703A (zh) * 2011-04-18 2014-05-14 北京奇虎科技有限公司 一种保证用户网络安全性的方法及客户端
CN102622553A (zh) * 2012-04-24 2012-08-01 腾讯科技(深圳)有限公司 检测网页安全的方法及装置
CN102737183A (zh) * 2012-06-12 2012-10-17 腾讯科技(深圳)有限公司 网页安全访问的方法及装置
CN103825866A (zh) * 2012-11-19 2014-05-28 腾讯科技(深圳)有限公司 一种登录安全检测方法和装置
CN103390128A (zh) * 2013-08-01 2013-11-13 贝壳网际(北京)安全技术有限公司 页面的标注方法、装置与终端设备
CN104021339A (zh) * 2014-06-10 2014-09-03 北京奇虎科技有限公司 移动终端的安全支付方法及装置
CN104021467A (zh) * 2014-06-12 2014-09-03 北京奇虎科技有限公司 保护移动终端支付安全的方法和装置以及移动终端
CN104134143A (zh) * 2014-07-15 2014-11-05 北京奇虎科技有限公司 移动支付安全的保护方法、装置及云服务器
CN104182687A (zh) * 2014-08-01 2014-12-03 北京奇虎科技有限公司 移动终端输入窗口的安全检测方法和安全检测装置

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10565368B2 (en) 2015-07-21 2020-02-18 Samsung Electronics Co., Ltd. Electronic device and method of controlling same
CN112084501A (zh) * 2020-09-18 2020-12-15 珠海豹趣科技有限公司 一种恶意程序的检测方法、装置、电子设备及存储介质
CN114186124A (zh) * 2021-11-22 2022-03-15 北京达佳互联信息技术有限公司 信息推送方法、装置、电子设备及存储介质
CN116051868A (zh) * 2023-03-31 2023-05-02 山东大学 一种面向windows系统的界面元素识别方法

Also Published As

Publication number Publication date
CN104182687A (zh) 2014-12-03
CN104182687B (zh) 2016-10-05

Similar Documents

Publication Publication Date Title
WO2016015680A1 (fr) Procédé et appareil de détection de sécurité pour fenêtre d'entrée d'un terminal mobile
US10805346B2 (en) Phishing attack detection
ES2808954T3 (es) Procedimiento y dispositivo para su uso en la gestión de riesgos de información de aplicación
WO2015188788A1 (fr) Procédé et appareil de protection de sécurité de paiement par terminal mobile, et terminal mobile
US12206705B2 (en) Phishing protection methods and systems
US10986103B2 (en) Signal tokens indicative of malware
CN104009977B (zh) 一种信息保护的方法和系统
US9798981B2 (en) Determining malware based on signal tokens
US9516056B2 (en) Detecting a malware process
CN102882875B (zh) 主动防御方法及装置
CN104268476B (zh) 一种运行应用程序的方法
CN108763951B (zh) 一种数据的保护方法及装置
CN104200155A (zh) 基于苹果手机操作系统iOS保护用户隐私的监测装置和方法
US11809556B2 (en) System and method for detecting a malicious file
CN104598806A (zh) 一种进行登录检测的方法和装置
TWI697860B (zh) 資訊分享方法、裝置和電子設備
CN103530561A (zh) 防止木马程序基于社会工程学攻击方法和装置
CN105740709A (zh) 一种基于权限组合的安卓恶意软件检测方法
WO2016095671A1 (fr) Procédé et dispositif de traitement de message à base d'application
WO2015188728A1 (fr) Procédé, appareil et serveur en nuage pour la protection de la sécurité des paiements mobiles
CN111695113B (zh) 终端软件安装合规性检测方法、装置和计算机设备
CN113158186A (zh) 一种Android恶意软件静态检测方法
CN107832609B (zh) 基于权限特征的Android恶意软件检测方法及系统
CN109033820A (zh) 用户凭据保护方法、装置与设备
TW201911102A (zh) 利用多維度自動判定Android App惡意程度的方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15826661

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15826661

Country of ref document: EP

Kind code of ref document: A1

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载