Intrusion prevention device and method based on security policy

Abstract

The invention discloses an intrusion prevention device and method based on a security policy. A private steal behavior can be effectively blocked and a private steal application can be effectively detected under the condition of not modifying an operating system, not influencing the normal operation of a mobile phone security application and not participating in decision by a user frequently. The device comprises a private obtaining class API monitoring module which is used for starting a private sending class API monitoring module if it is monitored that a mobile smart terminal application calls an API in a private sending class API database; the private sending class API monitoring module which is used for starting a control module when it is monitored that the mobile smart terminal application calls the API in a private sending class API database; the control module which is used for interrupting the operation of a first application and blocking the operation of the first application if it is judged that a behavior mode of the first application does not satisfy all security polices stored in a security policy library module; and an alarm module which is used for popping up a window to remind a user after the control module blocks the operation of the first application.

Description

technical field [0001] The invention relates to the technical field of privacy protection and intrusion prevention of mobile intelligent terminals, and in particular to an intrusion prevention device and method based on a security policy. Background technique [0002] With the popularization of mobile smart terminals, more and more mobile smart terminal users store personal information on their devices, so privacy theft attacks and intrusion prevention technologies on smart phones have become a hot topic in the field of mobile Internet security. [0003] For different privacy data, there are currently five types of privacy theft attacks. Privacy theft attack 1 mainly focuses on the identifiers of mobile smart terminals, including IMEI, IMSI, ICCID, and mobile phone numbers. These identifiers are used as mobile phone signs and are often bound to personal accounts or other user personal information by applications. Privacy stealing attack 2 mainly focuses on the user's locati...

AI Technical Summary

Problems solved by technology

[0008] This type of intrusion prevention technology is easily bypassed by malicious attacks, because it is difficult for the monitoring code to cover all suspicious APIs; if a privacy theft attack is implemented by injecting so library, this type of technology is difficult to achieve defense; every time a suspicious API call When discovered, users need to participate in judging whether the current behavior of obtaining privacy or sending privacy behavior is led by themselves, which will affect the user's operating experience to a certain extent

Images