应用软件恶意行为的动态告警方法和终端技术

本申请公开了一种应用软件恶意行为的动态告警方法和终端，涉及终端安全领域，用于动态调整针对应用软件恶意行为的告警。该方法包括：终端监控应用软件调用关键函数的行为；终端根据在预设时间内监控到应用软件调用关键函数的次数生成行为向量；终端基于机器学习算法，将行为向量输入恶意行为模型得到应用软件的结果向量；终端对威胁等级大于或等于告警阈值的恶意行为类型生成告警信息；终端提示告警信息；终端获取用户针对告警信息的第一反馈信息；终端根据第一反馈信息保持恶意行为类型对应的告警阈值；终端获取用户针对告警信息的第二反馈信息；终端根据第二反馈信息提高恶意行为类型对应的告警阈值。本申请实施例用于对恶意软件进行告警。

Dynamic warning method and terminal for malicious behavior of application software

The application discloses a dynamic alarm method and terminal for malicious behavior of application software, which relates to the field of terminal security, and is used to dynamically adjust the alarm for malicious behavior of application software. This method includes: the terminal monitors the behavior of the application software calling the key function; the terminal generates the behavior vector according to the number of times that the application software calls the key function in the preset time; the terminal inputs the behavior vector into the malicious behavior model based on the machine learning algorithm to get the result vector of the application software; the terminal's malicious behavior type whose threat level is greater than or equal to the alarm threshold Generate alarm information; terminal prompts alarm information; terminal obtains the first feedback information of the user for the alarm information; terminal maintains the alarm threshold corresponding to the malicious behavior type according to the first feedback information; terminal obtains the second feedback information of the user for the alarm information; terminal improves the alarm threshold corresponding to the malicious behavior type according to the second feedback information. The embodiment of the application is used for alerting malware.

【技术实现步骤摘要】
【国外来华专利技术】PCT国内申请，说明书已公开。

【技术保护点】
PCT国内申请，权利要求书已公开。

【技术特征摘要】
【国外来华专利技术】2017.11....

【专利技术属性】
技术研发人员：林子敏，刘艺锋，袁中举，
申请(专利权)人：华为技术有限公司，
类型：发明
国别省市：广东,44