CN112084502B - Software identification method and device, electronic equipment and storage medium - Google Patents
Software identification method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN112084502B CN112084502B CN202010986485.1A CN202010986485A CN112084502B CN 112084502 B CN112084502 B CN 112084502B CN 202010986485 A CN202010986485 A CN 202010986485A CN 112084502 B CN112084502 B CN 112084502B
- Authority
- CN
- China
- Prior art keywords
- command line
- software
- intercepted
- identified
- line feature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- User Interface Of Digital Computer (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention provides a software identification method, a device, electronic equipment and a storage medium. The scheme is as follows: acquiring a first command line characteristic in the command line information of the software to be identified; matching the first command line feature with a preset command line feature; if the first command line feature is matched with the preset command line feature, determining the software to be identified as the software to be intercepted, and intercepting the software to be intercepted. According to the technical scheme provided by the embodiment of the invention, because the command line information of the software is fixed, namely the first command line characteristic of the software to be identified is fixed, the software to be intercepted is identified through the matching condition of the command line characteristic, and the identification accuracy of the software to be intercepted is effectively improved, so that the software interception accuracy is improved.
Description
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a software identification method, a device, an electronic device, and a storage medium.
Background
With the continuous development of internet technology, various application software brings more convenience to the production and life of users. Meanwhile, the existence of various software to be intercepted brings great trouble to users. Such as various malware and advertisement popup software. Therefore, how to identify the software to be intercepted from among a plurality of software is important.
Currently, the software to be intercepted is identified by matching the basic attribute information of the software to be identified with the basic attribute information of the intercepted software. Taking the software to be intercepted as advertisement popup window software as an example, the information such as window title, window class name, window height and window width of the popup window when the software to be identified is displayed can be obtained, and the obtained information is matched with the window title, window class name, window height and window width of the popup window when various advertisement popup window software is displayed. If so, determining the software to be identified as advertisement popup software.
However, in order to avoid the identification of the security software or the security device, the basic attribute information may be randomly generated when the software to be intercepted is upgraded, which will make the identification manner unable to accurately identify the software to be intercepted, and affect the accuracy of the identification of the software to be intercepted.
Disclosure of Invention
The embodiment of the invention aims to provide a software identification method, a device, electronic equipment and a storage medium, so as to improve the accuracy of software identification to be intercepted, thereby improving the accuracy of software interception. The specific technical scheme is as follows:
The embodiment of the invention provides a software identification method, which comprises the following steps:
Acquiring a first command line characteristic in the command line information of the software to be identified;
matching the first command line feature with a preset command line feature; the preset command line characteristics are obtained based on command line information of intercepted software;
If the first command line feature is matched with the preset command line feature, determining the software to be identified as software to be intercepted;
Intercepting the software to be intercepted.
Optionally, after determining the software to be identified as the software to be intercepted, the method further includes:
Displaying a prompt message that the software to be identified is software to be intercepted;
the step of intercepting the software to be intercepted comprises the following steps:
and intercepting the software to be intercepted when receiving the interception operation triggered by the user based on the prompt message.
Optionally, the method further comprises:
When receiving the interception operation of a user on target software, acquiring a second command line characteristic in command line information of the target software;
Updating the second command line feature into the preset command line feature.
Optionally, when the first command line feature includes a plurality of command line features, the step of matching the first command line feature with a preset command line feature includes:
matching the command line feature with a preset command line feature for each command line feature in the first command line features;
If any command line feature in the first command line features is matched with the preset command line feature, determining that the first command line feature is matched with the preset command line feature;
And if each command line feature in the first command line features is not matched with the preset command line feature, determining that the first command line features are not matched with the preset command line features.
Optionally, the step of acquiring the first command line feature in the software command line information to be identified includes:
acquiring command line information from process information corresponding to the software to be identified;
and extracting the characteristics of the command line information to obtain the first command line characteristics in the software command line information to be identified.
The embodiment of the invention also provides a software identification device, which comprises:
The first acquisition module is used for acquiring first command line characteristics in the to-be-identified software command line information;
The matching module is used for matching the first command line characteristics with preset command line characteristics; the preset command line characteristics are obtained based on command line information of intercepted software;
the determining module is used for determining the software to be identified as software to be intercepted if the first command line feature is matched with the preset command line feature;
and the interception module is used for intercepting the software to be intercepted.
Optionally, the apparatus further includes:
the display module is used for displaying a prompt message that the software to be identified is the software to be intercepted after the software to be identified is determined to be the software to be intercepted;
The interception module is specifically configured to intercept the software to be intercepted when an interception operation triggered by the user based on the prompt message is received.
Optionally, the apparatus further includes:
The second acquisition module is used for acquiring a second command line characteristic in the command line information of the target software when receiving the interception operation of the target software by the user;
and the updating module is used for updating the second command line characteristic into the preset command line characteristic.
Optionally, the matching module is specifically configured to match, when the first command line feature includes a plurality of command line features, the command line feature with a preset command line feature for each command line feature in the first command line features;
If any command line feature in the first command line features is matched with the preset command line feature, determining that the first command line feature is matched with the preset command line feature;
And if each command line feature in the first command line features is not matched with the preset command line feature, determining that the first command line features are not matched with the preset command line features.
Optionally, the first obtaining module is specifically configured to obtain command line information from process information corresponding to the software to be identified; and extracting the characteristics of the command line information to obtain the first command line characteristics in the software command line information to be identified.
The embodiment of the invention also provides electronic equipment, which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface, and the memory are communicated with each other through the communication bus;
A memory for storing a computer program;
And the processor is used for realizing any one of the software identification method steps when executing the program stored in the memory.
Embodiments of the present invention also provide a computer readable storage medium having a computer program stored therein, the computer program being executed by a processor to perform any of the software identification method steps described above.
Embodiments of the present invention also provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform any of the software identification methods described above.
The embodiment of the invention has the beneficial effects that:
The software identification method, the device, the electronic equipment and the storage medium provided by the embodiment of the invention can match the first command line characteristic with the preset command line characteristic in the command line information of the software to be identified, and when the first command line characteristic is matched with the preset command line characteristic, the software to be identified is determined to be the software to be intercepted, and the software to be intercepted is intercepted. Since the command line information of the software is fixed, that is, the first command line feature of the software to be identified is fixed, the software to be intercepted is identified through the matching condition of the command line feature, and the accuracy of identifying the software to be intercepted is effectively improved, so that the accuracy of intercepting the software is improved.
Of course, it is not necessary for any one product or method of practicing the invention to achieve all of the advantages set forth above at the same time.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are necessary for the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention and that other embodiments may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a software identification method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a second flow chart of a software identification method according to an embodiment of the present invention;
FIG. 3 is a third flowchart of a software identification method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a software identification device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In order to solve the problem of poor accuracy of identification of software to be intercepted in the related art, the embodiment of the invention provides a software identification method. The method can be applied to any electronic equipment, and the electronic equipment can be security equipment or personal computers (Personal Computer, PC), mobile phones and other equipment with security software. In the method provided by the embodiment of the invention, the first command line characteristic in the software command line information to be identified is obtained; matching the first command line feature with a preset command line feature; the preset command line characteristics are obtained based on command line information of intercepted software; if the first command line feature is matched with the preset command line feature, determining the software to be identified as software to be intercepted, and intercepting the software to be identified.
According to the method provided by the embodiment of the invention, the first command line feature in the command line information of the software to be identified is matched with the preset command line feature, and when the first command line feature is matched with the preset command line feature, the software to be identified is determined to be the software to be intercepted, and the software to be intercepted is intercepted. Since the command line information of the software is fixed, that is, the first command line feature of the software to be identified is fixed, the software to be intercepted is identified through the matching condition of the command line feature, and the accuracy of identifying the software to be intercepted is effectively improved, so that the accuracy of intercepting the software is improved.
The following describes embodiments of the present invention by way of specific examples.
Referring to fig. 1, fig. 1 is a schematic flow chart of a software identification method according to an embodiment of the present invention. The method comprises the following steps.
Step S101, a first command line feature in the software command line information to be identified is obtained.
In the embodiment of the invention, the software to be identified can be the software which is already opened in the electronic equipment and displayed in the display screen, or can be the software in the background operation of the electronic equipment, etc. Here, the software to be identified is not particularly limited.
In an optional embodiment, the step S101 of acquiring the first command line feature in the command line information of the software to be identified may specifically include the following step one and step two.
Step one, command line information is obtained from process information corresponding to software to be identified.
The process information at least comprises an image name and command line information corresponding to the process. In addition, the process information may include information such as a user name, a number of handles, and a description, which are not described in detail herein.
For ease of understanding, the acquisition of the command line information will be described using the example of the electronic device as a PC with a Microsoft Windows (Windows) operating system installed.
In an alternative embodiment, the PC may obtain the command line information corresponding to the process of the software to be identified according to the correspondence between the process and the command line in the task manager, to obtain the command line information of the software to be identified.
In another alternative embodiment, the PC may obtain Command line information of the software to be identified by calling a Command Prompt (CMD). If the execution instruction wmic process where caption = "… …" get caption, commandline/value, the command line information of the identification software is obtained. Wherein, … … is the image name in the corresponding process information of the software to be identified.
In the embodiment of the present invention, the acquisition of the command line information of the software to be identified is not particularly limited.
And step two, extracting features of the command line information to obtain first command line features in the software command line information to be identified.
In an alternative embodiment, the electronic device may directly determine all the obtained command line information of the software to be identified as the first command line feature of the software to be identified.
In another optional embodiment, the electronic device may perform word segmentation processing on the obtained command line information of the software to be identified, so as to obtain a plurality of command line features. The electronic equipment can screen a plurality of command line features obtained by word segmentation to obtain first command line features of the software to be identified.
For example, the command line information of a piece of software to be identified is a string composed of address 1, address 2, address 3, parameter 1 and parameter 2, and is denoted as a string a. The electronic device may perform word segmentation on the character string a to obtain an address 1, an address 2, an address 3, a parameter 1, and a parameter 2. Through filtering, the electronic device may determine parameter 1 and parameter 2 as the first command line characteristics of the software to be identified.
In the embodiment of the present invention, the parameter 1 and the parameter 2 may be respectively used as a first command line feature of the software to be identified, that is, the first command line feature includes two command line features, namely, the parameter 1 and the parameter 2. The above-mentioned parameter 1 and parameter 2 may also be used together as a first command line feature of the software to be identified.
In the embodiment of the invention, aiming at different types of software to be identified, the types and the quantity of the information included in the corresponding command line information are also different, so that the command line characteristics of each piece of software acquired by the electronic equipment are also different. Here, the first command line feature of the software to be identified is not particularly limited.
Step S102, matching the first command line feature with a preset command line feature; the preset command line feature is obtained based on command line information of the intercepted software.
In an optional embodiment, the preset command line feature may be obtained from command line information of the intercepted software according to a user's own requirement.
In another optional embodiment, the preset command line feature may be obtained by the electronic device from command line information of the software to be intercepted determined by the user.
The method for acquiring the preset command line feature may refer to the method for acquiring the first command line feature, which is not described herein.
In an embodiment of the present invention, the preset command line feature may include a plurality of command line features. For convenience of distinction, the command line feature included in the preset command line feature is hereinafter referred to as a third command line feature.
In an alternative embodiment, when the first command line feature is a command line feature, the step S102 matches the first command line feature with a preset command line feature, which may be specifically expressed as:
The electronic device may match the obtained first command line feature with each of the preset command line features, i.e., each of the third command line features. If the first command line feature includes any of the third command line features, the electronic device may determine that the first command line feature matches a preset command line feature. If each third command line feature is not included in the first command line features, the electronic device may determine that the first command line features do not match the preset command line features.
For ease of understanding, the description will be given taking the obtained first command line feature as the character string a. When any of the address 1, address 2, address 3, parameter 1, and parameter 2 constituting the character string a is identical to the third command line feature of the above-described preset command line features, the electronic device may determine that the first command line feature matches the preset command line feature.
When each of the address 1, address 2, address 3, parameter 1, and parameter 2 constituting the character string a is different from each of the third command line features in the preset command line features, the electronic device may determine that the first command line feature does not match the preset command line feature.
In another alternative embodiment, when the first command line feature includes a plurality of command line features, step S102 above matches the first command line feature with a preset command line feature, which may be specifically expressed as:
Matching the command line feature with a preset command line feature for each command line feature in the first command line features; if any command line feature in the first command line features is matched with the preset command line features, determining that the first command line features are matched with the preset command line features; if each command line feature in the first command line features does not match the preset command line feature, determining that the first command line features do not match the preset command line features.
For ease of understanding, the description will be given taking the first command line feature as an example of two command line features, i.e., parameter 1 and parameter 2, obtained from the above-mentioned character string a. The electronic device may match parameter 1 and parameter 2, respectively, with a third command line feature of the preset command line features. When parameter 1 and/or parameter 2 is the same as any of the third command line features, the electronic device may determine that the first command line feature matches the preset command line feature. When both parameter 1 and parameter 2 are different from each of the third command line features, the electronic device may determine that the first command line feature does not match the preset command line feature.
In an alternative embodiment, to improve the recognition efficiency of the software to be recognized, when the first command line feature includes a plurality of command line features, if any one of the first command line features is the same as the third command line feature, the electronic device may stop the matching process and determine that the first command line feature matches a preset command line feature.
Step S103, if the first command line feature is matched with the preset command line feature, determining the software to be identified as the software to be intercepted.
In this step, when the electronic device determines that the first command line feature matches the preset command line feature, the electronic device may determine the software to be identified as software to be intercepted.
In an alternative embodiment, when the electronic device determines that the first command line feature does not match the preset command line feature, the electronic device may determine that the software to be identified is not software to be intercepted.
Step S104, intercepting the software to be intercepted.
In an alternative embodiment, taking the above software to be identified as advertisement popup software as an example, after determining that the advertisement popup software is an advertisement to be intercepted, if the advertisement popup sent by the advertisement popup software is received, the electronic device may shield or discard the advertisement popup. I.e. the advertisement popup is not displayed in the display screen of the electronic device.
In another alternative embodiment, taking the above software to be identified as a software running in the background as an example, after determining that the software is the software to be intercepted, the electronic device may directly shut down the software and not allow the software to be booted.
In the embodiment of the invention, according to different determined categories of the software to be intercepted, the intercepting modes adopted when the software to be intercepted is intercepted are different. The method for intercepting the software to be intercepted is not particularly limited.
In the embodiment of the invention, after the software to be identified is determined to be the software to be intercepted, the operation of the software to be intercepted can be effectively blocked through the interception processing of the software to be intercepted, and the user experience is improved.
In an alternative embodiment, the electronic device may not process the software to be identified when it is determined that the software to be identified is not software to be intercepted.
Taking the above software to be identified as the popup window software for cleaning the system memory as an example, after determining that the popup window software is not the software to be intercepted, if a certain popup window sent by the popup window software is received, the electronic device may normally display the popup window.
And adopting the method shown in fig. 1 to match the first command line characteristic with the preset command line characteristic in the command line information of the software to be identified, determining the software to be identified as the software to be intercepted when the first command line characteristic is matched with the preset command line characteristic, and intercepting the software to be intercepted. Since the command line information of the software is fixed, that is, the first command line feature of the software to be identified is fixed, the software to be intercepted is identified through the matching condition of the command line feature, and the accuracy of identifying the software to be intercepted is effectively improved, so that the accuracy of intercepting the software is improved.
In another alternative embodiment, based on the method shown in fig. 1, the embodiment of the invention further provides a software identification method. Fig. 2 is a schematic diagram of a second flow chart of a software identification method according to an embodiment of the invention. The method comprises the following steps.
Step S201, a first command line feature in the software command line information to be identified is obtained.
Step S202, matching the first command line feature with a preset command line feature; the preset command line feature is obtained based on command line information of the intercepted software.
In step S203, if the first command line feature matches with the preset command line feature, the software to be identified is determined as the software to be intercepted.
The steps S201 to S203 are the same as the steps S101 to S103.
Step S204, a prompt message that the software to be identified is the software to be intercepted is displayed.
In this step, after determining that the software to be identified is software to be intercepted, the electronic device may display a prompt message that the software to be identified is software to be intercepted in a display screen. When the user sees the prompt message, the software to be identified can be determined to be the software to be intercepted, so that the processing operation, such as interception operation or closing operation, of the software to be intercepted is performed based on the prompt message.
Taking the software to be identified as the software a as an example, the prompting message may be: the software A is advertisement popup software or software A runs in the background and the like.
In an alternative embodiment, the hint message may further include a processing operation option of the software to be identified.
Still taking the software a as an example, the hint message may be: the software A is advertisement popup software, whether advertisement popup is intercepted or not, whether the software A is forced to be closed or not in the background operation, and the like.
In the embodiment of the present invention, the prompting message is not specifically limited.
In step S205, when an interception operation triggered by the user based on the prompt message is received, the software to be intercepted is intercepted.
In this step, when the user triggers the interception operation of the software to be intercepted based on the prompt message, the electronic device may intercept the software to be intercepted. The specific interception method can refer to the above step S104, and will not be described herein.
In an alternative embodiment, the user may choose not to process the software to be intercepted when seeing the prompting message. For example, the user may trigger a closing operation of the alert message, at which time the electronic device will not intercept the software to be intercepted.
In the embodiment of the invention, the user can be timely reminded of the existence of the software to be intercepted by displaying the prompt message on the display screen of the electronic equipment. And according to the interception operation triggered by the user, the software to be intercepted is intercepted, so that the user experience is improved.
In an alternative embodiment, according to the method shown in fig. 1, an embodiment of the present invention further provides a software identification method. Fig. 3 is a schematic diagram of a third flow chart of a software identification method according to an embodiment of the present invention. The method comprises the following steps.
Step S301, obtain a first command line feature in the software command line information to be identified.
Step S302, matching the first command line feature with a preset command line feature; the preset command line feature is obtained based on command line information of the intercepted software.
In step S303, if the first command line feature matches with the preset command line feature, the software to be identified is determined as the software to be intercepted.
Step S304, intercepting the software to be intercepted.
The steps S301 to S304 are the same as the steps S101 to S104.
Step S305, when receiving the interception operation of the user to the target software, acquiring the second command line feature in the command line information of the target software.
The method for acquiring the second command line feature may refer to the method for acquiring the first command line feature, which is not described herein.
In the embodiment of the invention, the target software can be newly-appeared software to be intercepted, such as newly-appeared malicious software, newly-appeared advertisement popup software and the like.
In the embodiment of the present invention, the execution sequence of the step S301 and the step S305 is not specifically limited.
Step S306, the second command line feature is updated to the preset command line feature.
In the embodiment of the present invention, for the target software, that is, the newly-appearing software to be intercepted, the electronic device cannot accurately identify the target software because the preset command line feature may not include the command line feature corresponding to the target software. Therefore, the electronic equipment can update the second command line characteristic of the target software into the preset command line characteristic according to the interception operation of the user on the target software, so that the electronic equipment can accurately determine the target software as the software to be intercepted, and the identification accuracy of the software to be intercepted is improved.
Based on the same inventive concept, the embodiment of the invention also provides a software identification device according to the software identification method provided by the embodiment of the invention. Fig. 4 is a schematic structural diagram of a software identification device according to an embodiment of the present invention, as shown in fig. 4. The device comprises the following modules.
A first obtaining module 401, configured to obtain a first command line feature in the software command line information to be identified;
A matching module 402, configured to match the first command line feature with a preset command line feature; the preset command line characteristics are obtained based on command line information of intercepted software;
The determining module 403 is configured to determine the software to be identified as the software to be intercepted if the first command line feature matches with a preset command line feature.
The interception module 404 is configured to intercept software to be intercepted.
Optionally, the software identifying apparatus may further include:
The display module is used for displaying a prompt message that the software to be identified is the software to be intercepted after the software to be identified is determined to be the software to be intercepted;
The interception module 404 may be specifically configured to intercept the software to be intercepted when an interception operation triggered by the user based on the prompt message is received.
Optionally, the software identifying apparatus may further include:
the second acquisition module is used for acquiring a second command line characteristic in the command line information of the target software when receiving the interception operation of the target software by the user;
and the updating module is used for updating the second command line characteristic into the preset command line characteristic.
Optionally, the matching module 402 may be specifically configured to match, when the first command line feature includes a plurality of command line features, the command line feature with a preset command line feature for each command line feature in the first command line feature;
If any command line feature in the first command line features is matched with the preset command line features, determining that the first command line features are matched with the preset command line features;
If each command line feature in the first command line features does not match the preset command line feature, determining that the first command line features do not match the preset command line features.
Optionally, the first obtaining module 401 may be specifically configured to obtain command line information from process information corresponding to the software to be identified; and extracting the characteristics of the command line information to obtain the first command line characteristics in the software command line information to be identified.
By the device provided by the embodiment of the invention, the first command line characteristic in the command line information of the software to be identified is matched with the preset command line characteristic, and when the first command line characteristic is matched with the preset command line characteristic, the software to be identified is determined to be the software to be intercepted, and the software to be intercepted is intercepted. Since the command line information of the software is fixed, that is, the first command line feature of the software to be identified is fixed, the software to be intercepted is identified through the matching condition of the command line feature, and the accuracy of identifying the software to be intercepted is effectively improved, so that the accuracy of intercepting the software is improved.
Based on the same inventive concept, according to the software identification method provided by the above embodiment of the present invention, as shown in fig. 5, the embodiment of the present invention further provides an electronic device, which includes a processor 501, a communication interface 502, a memory 503, and a communication bus 504, where the processor 501, the communication interface 502, and the memory 503 complete communication with each other through the communication bus 504;
a memory 503 for storing a computer program;
The processor 501 is configured to execute the program stored in the memory 503, and implement the following steps:
Acquiring a first command line characteristic in the command line information of the software to be identified;
matching the first command line feature with a preset command line feature; the preset command line characteristics are obtained based on command line information of intercepted software;
if the first command line feature is matched with the preset command line feature, determining the software to be identified as software to be intercepted;
Intercepting software to be intercepted.
According to the electronic equipment provided by the embodiment of the invention, the first command line feature in the command line information of the software to be identified is matched with the preset command line feature, and when the first command line feature is matched with the preset command line feature, the software to be identified is determined to be the software to be intercepted, and the software to be intercepted is intercepted. Since the command line information of the software is fixed, that is, the first command line feature of the software to be identified is fixed, the software to be intercepted is identified through the matching condition of the command line feature, and the accuracy of identifying the software to be intercepted is effectively improved, so that the accuracy of intercepting the software is improved.
The communication bus mentioned above for the electronic device may be a peripheral component interconnect standard (PERIPHERAL COMPONENT INTERCONNECT, PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The Memory may include random access Memory (Random Access Memory, RAM) or may include Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but may also be a digital signal processor (DIGITAL SIGNAL Processing, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), field-Programmable gate array (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic device, discrete gate or transistor logic device, discrete hardware components.
Based on the same inventive concept, according to the software identification method provided by the above embodiment of the present invention, the embodiment of the present invention further provides a computer readable storage medium, in which a computer program is stored, where the computer program implements the steps of any one of the software identification methods when executed by a processor.
Based on the same inventive concept, according to the software identification method provided by the above embodiment of the present invention, the embodiment of the present invention further provides a computer program product containing instructions, which when run on a computer, cause the computer to execute any one of the software identification methods of the above embodiment.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present invention, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital Subscriber Line (DSL)), or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk Solid STATE DISK (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for embodiments of the apparatus, electronic device, computer readable storage medium, and computer program product, etc., the description is relatively simple as it is substantially similar to the method embodiments, and reference is made to the section descriptions of the method embodiments for relevant points.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.
Claims (10)
1. A method of software identification, the method comprising:
acquiring a first command line characteristic in command line information of software to be identified, wherein the software to be identified comprises advertisement popup software;
Matching the first command line feature with a preset command line feature; the preset command line characteristics are obtained from command line information of intercepted software based on user requirements, and/or obtained based on command line information of the software to be intercepted determined by a user;
If the first command line feature is matched with the preset command line feature, determining the software to be identified as software to be intercepted;
Intercepting the software to be intercepted;
After determining the software to be identified as software to be intercepted, the method further comprises:
Displaying a prompt message that the software to be identified is software to be intercepted;
the step of intercepting the software to be intercepted comprises the following steps:
and intercepting the software to be intercepted when receiving the interception operation triggered by the user based on the prompt message.
2. The method according to claim 1, wherein the method further comprises:
When receiving the interception operation of a user on target software, acquiring a second command line characteristic in command line information of the target software;
Updating the second command line feature into the preset command line feature.
3. The method of claim 1, wherein when the first command line feature comprises a plurality of command line features, the step of matching the first command line feature with a preset command line feature comprises:
matching the command line feature with a preset command line feature for each command line feature in the first command line features;
If any command line feature in the first command line features is matched with the preset command line feature, determining that the first command line feature is matched with the preset command line feature;
And if each command line feature in the first command line features is not matched with the preset command line feature, determining that the first command line features are not matched with the preset command line features.
4. The method of claim 1, wherein the step of obtaining a first command line feature in the software command line information to be identified comprises:
acquiring command line information from process information corresponding to the software to be identified;
and extracting the characteristics of the command line information to obtain the first command line characteristics in the software command line information to be identified.
5. A software identification device, the device comprising:
The first acquisition module is used for acquiring first command line characteristics in the command line information of the software to be identified, wherein the software to be identified comprises advertisement popup software;
The matching module is used for matching the first command line characteristics with preset command line characteristics; the preset command line characteristics are obtained from command line information of intercepted software based on user requirements, and/or obtained based on command line information of the software to be intercepted determined by a user;
the determining module is used for determining the software to be identified as software to be intercepted if the first command line feature is matched with the preset command line feature;
The interception module is used for intercepting the software to be intercepted;
The apparatus further comprises:
the display module is used for displaying a prompt message that the software to be identified is the software to be intercepted after the software to be identified is determined to be the software to be intercepted;
The interception module is specifically configured to intercept the software to be intercepted when an interception operation triggered by the user based on the prompt message is received.
6. The apparatus of claim 5, wherein the apparatus further comprises:
The second acquisition module is used for acquiring a second command line characteristic in the command line information of the target software when receiving the interception operation of the target software by the user;
and the updating module is used for updating the second command line characteristic into the preset command line characteristic.
7. The apparatus of claim 5, wherein the matching module is specifically configured to match, for each of the first command line features, the command line feature with a preset command line feature when the first command line feature includes a plurality of command line features;
If any command line feature in the first command line features is matched with the preset command line feature, determining that the first command line feature is matched with the preset command line feature;
And if each command line feature in the first command line features is not matched with the preset command line feature, determining that the first command line features are not matched with the preset command line features.
8. The apparatus of claim 5, wherein the first obtaining module is specifically configured to obtain command line information from process information corresponding to the software to be identified; and extracting the characteristics of the command line information to obtain the first command line characteristics in the software command line information to be identified.
9. The electronic equipment is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
A memory for storing a computer program;
a processor for carrying out the method steps of any one of claims 1-4 when executing a program stored on a memory.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein a computer program which, when executed by a processor, implements the method steps of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010986485.1A CN112084502B (en) | 2020-09-18 | 2020-09-18 | Software identification method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010986485.1A CN112084502B (en) | 2020-09-18 | 2020-09-18 | Software identification method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112084502A CN112084502A (en) | 2020-12-15 |
| CN112084502B true CN112084502B (en) | 2024-06-21 |
Family
ID=73738246
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010986485.1A Active CN112084502B (en) | 2020-09-18 | 2020-09-18 | Software identification method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112084502B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102254120A (en) * | 2011-08-09 | 2011-11-23 | 成都市华为赛门铁克科技有限公司 | Method, system and relevant device for detecting malicious codes |
Family Cites Families (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8019656B2 (en) * | 2003-05-07 | 2011-09-13 | Cbs Interactive Inc. | System and method for generating an alternative product recommendation |
| US7698744B2 (en) * | 2004-12-03 | 2010-04-13 | Whitecell Software Inc. | Secure system for allowing the execution of authorized computer program code |
| US7827500B2 (en) * | 2005-05-12 | 2010-11-02 | Alcatel | Enhanced command line expansion |
| CN100442234C (en) * | 2005-06-21 | 2008-12-10 | 国际商业机器公司 | Software package construction method and system for embedded systems |
| WO2008030358A2 (en) * | 2006-09-01 | 2008-03-13 | Admob, Inc. | Delivering ads to mobile devices |
| CN101604364B (en) * | 2009-07-10 | 2012-08-15 | 珠海金山软件有限公司 | Classification system and classification method of computer rogue programs based on file instruction sequence |
| CN101984692B (en) * | 2010-11-15 | 2017-07-28 | 中兴通讯股份有限公司 | A kind of method and device for preventing Malware from sending data |
| JP5781616B2 (en) * | 2011-09-08 | 2015-09-24 | 株式会社日立製作所 | Vulnerability countermeasure device and vulnerability countermeasure method |
| BR112014014110A2 (en) * | 2011-12-15 | 2017-06-13 | 3M Innovative Properties Co | custom security article and methods of authenticating a security article and verifying a security article holder |
| CN102419777B (en) * | 2012-01-10 | 2013-10-02 | 凤凰在线(北京)信息技术有限公司 | System and method for filtering internet image advertisements |
| US9246933B1 (en) * | 2012-07-25 | 2016-01-26 | Symantec Corporation | Systems and methods for detecting malicious email attachments |
| CN102916937B (en) * | 2012-09-11 | 2015-11-25 | 北京奇虎科技有限公司 | A kind of method, device and client device tackling web page attacks |
| CN102999721B (en) * | 2012-11-09 | 2015-09-16 | 北京奇虎科技有限公司 | A kind of program processing method and system |
| CN102999636B (en) * | 2012-12-19 | 2016-11-16 | 北京奇虎科技有限公司 | Method and browser for intercepting and processing pop-up windows in web pages |
| CN103116722A (en) * | 2013-02-06 | 2013-05-22 | 北京奇虎科技有限公司 | Processing method, processing device and processing system of notification board information |
| CN103235913B (en) * | 2013-04-03 | 2016-12-28 | 北京奇虎科技有限公司 | A kind of for identifying, intercept the system of bundled software, Apparatus and method for |
| CN104123496B (en) * | 2014-07-03 | 2017-08-04 | 珠海市君天电子科技有限公司 | The hold-up interception method and device of a kind of rogue software, terminal |
| CN105303105A (en) * | 2015-10-20 | 2016-02-03 | 珠海市君天电子科技有限公司 | Window message interception method and device and terminal equipment |
| CN106936793B (en) * | 2015-12-30 | 2020-03-17 | 腾讯科技(深圳)有限公司 | Information interception processing method and terminal |
| CN105912935B (en) * | 2016-05-03 | 2019-06-14 | 腾讯科技(深圳)有限公司 | Commercial detection method and purposes of commercial detection device |
| CN109977671B (en) * | 2019-03-14 | 2020-10-30 | 西安电子科技大学 | A method for detecting Android lock screen ransomware based on compiler modification |
| CN110955894B (en) * | 2019-11-22 | 2022-09-30 | 深信服科技股份有限公司 | Malicious content detection method and device, electronic equipment and readable storage medium |
-
2020
- 2020-09-18 CN CN202010986485.1A patent/CN112084502B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102254120A (en) * | 2011-08-09 | 2011-11-23 | 成都市华为赛门铁克科技有限公司 | Method, system and relevant device for detecting malicious codes |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112084502A (en) | 2020-12-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10735272B1 (en) | Graphical user interface for security intelligence automation platform using flows | |
| US10666666B1 (en) | Security intelligence automation platform using flows | |
| US11916964B2 (en) | Dynamic, runtime application programming interface parameter labeling, flow parameter tracking and security policy enforcement using API call graph | |
| CN112083973B (en) | Window closing method and device, electronic equipment and storage medium | |
| CN112394908A (en) | Method and device for automatically generating embedded point page, computer equipment and storage medium | |
| CN110113315B (en) | Service data processing method and device | |
| CN103077344A (en) | Terminal and method for providing risk of application using the same | |
| CN105787366A (en) | Android software visualization safety analysis method based on module relations | |
| CN111125688B (en) | Process control method and device, electronic equipment and storage medium | |
| CN105471935B (en) | Information prompting method and device | |
| CN110119340A (en) | Method for monitoring abnormality, device, electronic equipment and storage medium | |
| CN108427598B (en) | Message processing method, device, terminal and storage medium | |
| CN112597012B (en) | Application program traversal method, device, electronic device and storage medium | |
| CN111026392A (en) | Method and device for generating guide page and electronic equipment | |
| CN111596971A (en) | Application cleaning method and device, storage medium and electronic equipment | |
| CN113032264A (en) | Method and device for detecting page view control | |
| CN106528148A (en) | Interface skipping method, interface skipping system and terminal equipment | |
| CN112269869B (en) | Keyword query method and device | |
| CN107944261B (en) | Application management and control method and user equipment | |
| CN115378713A (en) | Block chain application early warning defense method, storage medium and electronic equipment | |
| CN112685255B (en) | Interface monitoring method, device, electronic equipment and storage medium | |
| CN112084502B (en) | Software identification method and device, electronic equipment and storage medium | |
| CN110851346A (en) | Method, device and equipment for detecting boundary problem of query statement and storage medium | |
| CN112351008B (en) | Network attack analysis method, device, readable storage medium and computer equipment | |
| US12182007B2 (en) | Method for testing application |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |