External hanging accurate marking and identifying method and device based on crawler

文档序号:7806 发布日期:2021-09-17 浏览:45次 中文

1. A crawler-based external hanging accurate marking and identification method is characterized by comprising the following steps:

detecting the updating condition of the plug-in sample based on the crawler;

when detecting that the plug-in sample is updated, downloading the plug-in sample;

determining whether the plug-in sample is plug-in;

when the plug-in sample is determined to be a plug-in, classifying and marking the plug-in;

and when a file for running a program is detected, comparing the file with the classified and marked external stores, and identifying whether the file is the external store of the current game.

2. The method for accurately marking and identifying a crawler-based store-on according to claim 1, wherein when a file for running a program is detected, the file is compared with the classified and marked store-on, and after identifying whether the file is a store-on of a current game, the method further comprises:

and correcting the external hanging classification and mark based on the condition whether the user feeds back the false report or not.

3. The crawler-based store-hanging accurate marking and identification method according to claim 2, wherein said determining whether the store-hanging sample is a store-hanging comprises:

and screening the plug-in sample by using a white list to obtain a program running in a normal environment, and printing a white list label.

4. The crawler-based store-hanging accurate marking and identification method according to claim 3, wherein said determining whether the store-hanging sample is a store-hanging further comprises:

after screening, checking the uploading times of the plug-in samples, and determining that the plug-in samples are plug-ins when the uploading times are larger than a preset time threshold value.

5. The crawler-based store-hanging accurate marking and identification method according to claim 4, wherein said classifying and marking said store-hanging comprises:

classifying and marking the plug-ins according to the static information of the files of the plug-ins, wherein the static information of the files comprises icon information, file formats and static character strings.

6. The crawler-based accurate external store marking and identification method according to claim 5, wherein said classifying and marking said external store further comprises:

and classifying and marking the plug-ins according to the path information experienced by the plug-ins during downloading.

7. The crawler-based accurate external store marking and identification method according to claim 6, wherein said classifying and marking said external store further comprises:

and classifying and marking the plug-ins according to the names and the descriptions of the commodities of the plug-ins by means of word segmentation and machine learning.

8. The method for accurately marking and identifying crawler-based plug-ins according to claim 7, wherein the marking and identification is performed manually when the classifications and markings obtained using the static information of the files are different from the classifications and markings obtained using the path information experienced during the downloading.

9. The crawler-based store-hanging accurate marking and identification method according to claim 8, wherein said downloading said store-hanging sample comprises:

and calculating the updating time of the plug-in sample, downloading a compression package or program updated within the preset time, decompressing, and calculating the hash of each file.

10. The utility model provides a plug-in accurate mark and recognition device based on crawler, its characterized in that includes:

the updating detection component is used for detecting the updating condition of the plug-in sample based on the crawler;

the downloading component is used for downloading the plug-in sample when the plug-in sample is detected to be updated;

a store-in determination section for determining whether the store-in sample is a store-in;

the classification and marking part is used for classifying and marking the plug-in when the plug-in sample is determined to be the plug-in;

and the identification component is used for comparing the file with the classified and marked plug-ins when the file of the running program is detected, and identifying whether the file is the plug-in of the current game.

Background

In the existing field of game plug-ins, with the development of network verification, shell-forcing technology and cloud service, a client executes a login program, and a plug-in function program can be downloaded from a cloud end to run through network verification, so that the analysis cost of anti-plug-ins is increased, plug-ins are usually protected by shell-forcing to prevent reverse analysis, and the technical threshold for detecting plug-ins from a third party is higher and higher. In addition, the external hanging destroys the balance of the game, game manufacturers are even in pain, machine hardware is forbidden while the use of the external hanging account is forbidden, and the game environment provided by the internet bar and the cloud computer for users is possibly influenced.

Therefore, in internet cafes and cloud computer systems, a method is urgently needed which can not only ensure that a game client is not affected, but also accurately detect the running of a plug-in program and timely stop the service. Technical personnel investment is needed in the existing plug-in preventing method, but the high income of the plug-in market attracts more and more plug-in authors, and the iteration of plug-in products is very fast, so that the validity period of plug-in features extracted by a manual mode is short, and the technical investment is high.

In the prior art, feature codes are detected mainly by means of memory detection and violence scanning of a memory, technicians are required to update plug-in feature codes in real time, actual detection effects are also in direct proportion to resource occupation, some game security manufacturers try to use a big data + AI mode, but for enthusiasm of games, data are often different from those of ordinary players, and therefore the possibility of accidental injury exists, namely, higher false alarm probability exists in actual detection.

Disclosure of Invention

In order to solve the problems, the invention provides a crawler-based plug-in accurate marking and identifying method and device, which can detect whether a currently running game runs in a corresponding plug-in mode or not only without technical personnel participating in feature extraction, can complete detection under the condition of occupying extremely low client resources, and does not influence the normal experience of a user.

The invention provides a crawler-based external hanging accurate marking and identifying method, which comprises the following steps:

detecting the updating condition of the plug-in sample based on the crawler;

when detecting that the plug-in sample is updated, downloading the plug-in sample;

determining whether the plug-in sample is plug-in;

when the plug-in sample is determined to be a plug-in, classifying and marking the plug-in;

and when a file for running a program is detected, comparing the file with the classified and marked external stores, and identifying whether the file is the external store of the current game.

Preferably, in the above method for accurately marking and identifying a crawler-based store, when a file for running a program is detected, the file is compared with the store classified and marked, and after identifying whether the file is a store of a current game, the method further includes:

and correcting the external hanging classification and mark based on the condition whether the user feeds back the false report or not.

Preferably, in the above method for accurately marking and identifying a plug-in based on a crawler, the determining whether the plug-in sample is a plug-in includes:

and screening the plug-in sample by using a white list to obtain a program running in a normal environment, and printing a white list label.

Preferably, in the above method for accurately marking and identifying a plug-in based on a crawler, the determining whether the plug-in sample is a plug-in further includes:

after screening, checking the uploading times of the plug-in samples, and determining that the plug-in samples are plug-ins when the uploading times are larger than a preset time threshold value.

Preferably, in the above method for accurately marking and identifying a crawler-based store-on, the classifying and marking the store-on includes:

classifying and marking the plug-ins according to the static information of the files of the plug-ins, wherein the static information of the files comprises icon information, file formats and static character strings.

Preferably, in the above method for accurately marking and identifying a crawler-based store-on, the classifying and marking the store-on further includes:

and classifying and marking the plug-ins according to the path information experienced by the plug-ins during downloading.

Preferably, in the above method for accurately marking and identifying a crawler-based store-on, the classifying and marking the store-on further includes:

and classifying and marking the plug-ins according to the names and the descriptions of the commodities of the plug-ins by means of word segmentation and machine learning.

Preferably, in the above method for accurately marking and identifying a crawler-based plug-in, when the classification and marking obtained by using the static information of the file is different from the classification and marking obtained by using the path information experienced during downloading, the marking and identification is performed manually.

Preferably, in the above method for accurately marking and identifying a crawler-based plug-in, the downloading the plug-in sample includes:

and calculating the updating time of the plug-in sample, downloading a compression package or program updated within the preset time, decompressing, and calculating the hash of each file.

The invention provides a crawler-based external hanging accurate marking and identifying device, which comprises:

the updating detection component is used for detecting the updating condition of the plug-in sample based on the crawler;

the downloading component is used for downloading the plug-in sample when the plug-in sample is detected to be updated;

a store-in determination section for determining whether the store-in sample is a store-in;

the classification and marking part is used for classifying and marking the plug-in when the plug-in sample is determined to be the plug-in;

and the identification component is used for comparing the file with the classified and marked plug-ins when the file of the running program is detected, and identifying whether the file is the plug-in of the current game.

According to the description, the accurate external hanging marking and identifying method based on the crawler, provided by the invention, comprises the steps of detecting the updating condition of the external hanging sample based on the crawler; then when detecting that the plug-in sample is updated, downloading the plug-in sample; determining whether the plug-in sample is plug-in or not; then when the plug-in sample is determined to be a plug-in, classifying and marking the plug-in; and finally, when a file for running a program is detected, comparing the file with the classified and marked plug-ins, and identifying whether the file is the plug-in of the current game, so that the detection of the running of the client program is completed according to the mark, the corresponding plug-in running of the current running game can be detected only, technical personnel are not required to participate in extracting features, the detection can be completed under the condition of occupying extremely low client resources, the normal experience of a user is not influenced, and the protection is provided for the rental account and the cloud computer game environment. The external hanging accurate marking and identifying device based on the crawler has the same advantages as the method.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.

FIG. 1 is a schematic diagram of an embodiment of a crawler-based accurate plug-in marking and identification method according to the present invention;

FIG. 2 is a schematic diagram of an example of a crawler-based accurate plug-in marking and identification method;

fig. 3 is a schematic diagram of an embodiment of a crawler-based external hanging precise marking and recognition device provided by the present invention.

Detailed Description

The core of the invention is to provide a crawler-based plug-in accurate marking and identifying method and device, which can only detect whether a currently running game has corresponding plug-in running or not, does not need technical personnel to participate in extracting features, can finish detection under the condition of occupying extremely low client resources, does not influence the normal experience of a user, accurately detects whether a corresponding game plug-in starts or not for renting numbers in an internet bar scene, and detects and terminates abnormal game behaviors of the user in a cloud computer system so as to prevent equipment from being sealed by game manufacturers.

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Fig. 1 shows an embodiment of a crawler-based accurate plug-in marking and identifying method according to the present invention, where fig. 1 is a schematic diagram of an embodiment of a crawler-based accurate plug-in marking and identifying method according to the present invention, and the method may include the following steps:

s1: detecting the updating condition of the plug-in sample based on the crawler;

specifically, the crawler can be used for detecting the updating situation on the plug-in selling website without limitation.

S2: when detecting the update of the plug-in sample, downloading the plug-in sample;

specifically, a threshold may be set and samples downloaded when the number of updates exceeds the threshold.

S3: determining whether the plug-in sample is plug-in;

the word segmentation mode can be specifically adopted to determine whether the plug-in static information proves that the plug-in static information is the plug-in.

S4: when the plug-in sample is determined to be plug-in, classifying and marking the plug-in;

specifically, the plug-in program can be distinguished according to words contained in the static information, or can be identified according to a downloading path, the plug-in program is not limited, the plug-in program is classified as a game to which the plug-in program belongs, and the plug-in program is marked.

S5: and when the file of the running program is detected, comparing the file with the classified and marked external stores, and identifying whether the file is the external store of the current game.

That is to say, the file of the running program does not need to be compared with all the plug-ins, but only the plug-ins corresponding to the game need to be compared, and the plug-in detection efficiency is greatly improved.

According to the above description, in the embodiment of the accurate external hanging marking and identification method based on the crawler, the update condition of the external hanging sample is detected based on the crawler; then when detecting that the plug-in sample is updated, downloading the plug-in sample; determining whether the plug-in sample is plug-in or not; then when the plug-in sample is determined to be plug-in, classifying and marking the plug-in; and finally, when a file of the running program is detected, comparing the file with the classified and marked plug-ins, and identifying whether the file is the plug-in of the current game, so that the running detection of the client program is completed according to the mark, the running of the current running game can be detected only by detecting whether the corresponding plug-ins run, technical personnel are not required to participate in extracting features, the detection can be completed under the condition of extremely low occupation of client resources, the normal experience of a user is not influenced, and the protection is provided for the rental account and the cloud computer game environment.

In a specific embodiment of the above crawler-based accurate plug-in marking and identifying method, when a file for running a program is detected, comparing the file with the classified and marked plug-in, and after identifying whether the file is the plug-in of the current game, the method may further include:

and correcting the externally hung classification and mark based on whether the user feeds back the false alarm.

It should be noted that when the user does not use the plug-in but is mistakenly deemed to use the plug-in when running a certain game, the user can feed back to the system, and when the user verifies that the plug-in is not used, the relevant correction is carried out, so that the next false report is avoided, and the plug-in identification accuracy is improved.

In another specific embodiment of the above crawler-based accurate external hanging marking and identifying method, determining whether the external hanging sample is an external hanging sample may include the following steps:

and screening the externally hung samples by using a white list to obtain a program running in a normal environment, and marking a white list label.

It should be noted here that the white list detection mainly detects a non-plug-in module in an updated plug-in package, such as an open-source library file or a plug-in program hijacked for normal program starting, and screens out a program that may run in a normal environment, and marks a white list tag, so that a false alarm rate can be reduced.

In another specific embodiment of the above crawler-based accurate external hanging marking and identifying method, determining whether the external hanging sample is an external hanging may further include:

after screening, checking the uploading times of the external hanging samples, and determining that the external hanging samples are external hanging when the uploading times are greater than a preset time threshold.

It should be noted that, because the sample source is the plug-in selling website and only downloads the plug-ins with updates detected, the components or the extension libraries with uploading frequency exceeding the specified frequency can be marked as plug-ins, and after the white list filtering and the uploading frequency verification, the components or the extension libraries can be regarded as plug-ins.

On the basis of the crawler-based accurate external hanging marking and identifying method, classifying and marking external hanging can comprise the following steps:

the external stores are classified and marked according to the static information of the files of the external stores, the static information of the files comprises icon information, file formats and static character strings, namely, the external stores can be accurately analyzed according to the static information of the files and then marked into the external stores of the game, when a client side of the game runs, whether the external stores run in a computer can be directly detected, and the detection efficiency is improved.

In an embodiment of the above crawler-based accurate external hanging marking and identifying method, classifying and marking external hanging may further include:

and classifying and marking the external stores according to the path information experienced by the external stores during downloading. It should be noted that the path information may include some keywords related to the game, so that it can be inferred which game the store is directed to according to the keywords.

Further, classifying and marking the overhang may further include:

and classifying and marking the plug-ins according to the names and the descriptions of the plug-ins by using word segmentation and machine learning modes. It should be noted that the titles of the plug-ins sold on the internet generally indicate which plug-ins belong to which game, so that which game the plug-ins belong to can be distinguished by utilizing a word segmentation mode, the identification modes can be combined together, or can be identified separately, which can be selected according to actual needs, of course, the correctness can be verified mutually by utilizing a plurality of combinations, and when the classification and marking obtained by utilizing the static information of the file is different from the classification and marking obtained by utilizing the path information experienced during downloading, the marking and the identification can be carried out manually.

In the above method for accurately marking and identifying a plug-in based on a crawler, the step of downloading a plug-in sample may include:

and calculating the updating time of the plug-in sample, downloading a compression package or program updated within the preset time, decompressing, and calculating the hash of each file. It should be noted that, because only the detected plug-ins with updates are downloaded, the plug-ins or the extension library are all uploaded more than 5 times.

A specific example is shown in fig. 2, and fig. 2 is a schematic diagram of an example of a crawler-based plug-in accurate marking and identification method, which includes the following steps:

(1) after the crawler acquires the file downloading link, firstly calculating the file updating time length, in order to avoid abnormal uploading frequency caused by repeated sampling, only downloading a compression package or a program updated within the time T1, decompressing the files of the compression package, and calculating the hash of each file, otherwise, going to the step (8);

(2) the files downloaded in real time may contain non-plug-in programs, if the hash of the current file exists in the database, the label A1 in the current database and the uploading times are obtained for verification, and if not, the step (4) is carried out;

(3) if A1 is the white list, the method is normally finished, and the method goes to step (8), and if A1 is externally hung and the uploading times are more than T2, the method goes to step (5);

(4) the program which is not put in a storage firstly carries out word segmentation on the path which the crawler goes through, detects the word segmentation through machine learning and marks the word segmentation as A2;

(5) static information detection is carried out on the file and the attached document, and a result A3 is obtained according to the detected keywords or characteristics;

(6) if the static information detection result is empty, the last step result (A1 or A2) is the final result, and if the static information detection result is consistent with the last step result, A3 is the final label of the file. Otherwise, turning to the step (7) to carry out manual detection;

(7) manually detecting, marking and warehousing, and adjusting static information detection characteristics or a machine learning model;

(8) switching to the next task.

To ensure the accuracy of the labeling results, programs that have no results for static information scanning should periodically add static information scanning features.

Fig. 3 shows an embodiment of a crawler-based external precise marking and recognition apparatus according to the present invention, and fig. 3 is a schematic diagram of an embodiment of a crawler-based external precise marking and recognition apparatus according to the present invention, the apparatus including:

the update detection component 301 is configured to detect an update condition of a plug-in sample based on a crawler, and specifically, may be, but is not limited to, detect an update condition on a plug-in selling website by using the crawler;

the downloading component 302 is configured to download the plug-in sample when it is detected that the plug-in sample is updated, specifically, a threshold may be set, and the sample is downloaded when the number of updates exceeds the threshold;

the plug-in determining component 303 is configured to determine whether the plug-in sample is a plug-in sample, and specifically, determine whether the plug-in sample proves to be a plug-in sample in the static information by using a word segmentation method;

the classification and marking component 304 is used for classifying and marking the plug-in when the plug-in sample is determined to be the plug-in, specifically, the plug-in of the game can be distinguished according to words contained in the static information, or the plug-in is identified according to the downloading path, the game is not limited, the plug-in is classified as the game to which the plug-in belongs, and the mark number of the plug-in is marked, so that the plug-in program sold and downloaded through a website can be marked under the condition of only needing a small amount of manual maintenance;

the identifying component 305 is configured to, when a file for running the program is detected, compare the file with the categorized and marked stores, and identify whether the file is a store of the current game, that is, the file for running the program does not need to be compared with all stores, but only the stores corresponding to the game need to be compared, so that the store detection efficiency is greatly improved.

According to the embodiment of the crawler-based plug-in accurate marking and identifying device, the running of the client program can be detected according to the mark, the fact that whether the currently running game runs in a corresponding plug-in mode or not can be detected only, technical staff does not need to participate in feature extraction, detection can be completed under the condition that extremely low client resources are occupied, normal experience of users is not affected, and protection is provided for rented account and cloud computer game environment.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

完整详细技术资料下载
上一篇:石墨接头机器人自动装卡簧、装栓机
下一篇:一种基于大数据的政策采集、清洗及自动精准推送的方法

网友询问留言

已有0条留言

还没有人留言评论。精彩留言会获得点赞!

精彩留言,会给你点赞!