CN107992745A - Interface hijacking countermeasure method based on the Android platform - Google Patents

Info

Publication number: CN107992745A
Authority: CN (China)
Prior art keywords: interface, package, hijacked, trusted, countermeasure
Legal status: Pending
Application number: CN201711226580.6A
Other languages: Chinese (zh)
Inventors: 翁健, 梁天擎, 张悦
Current assignee: Jinan University; University of Jinan
Original assignee: Jinan University
Application filed by Jinan University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The invention discloses an interface hijacking countermeasure method based on the Android platform, with the following steps: S1, obtain the interface stack of the current program and determine the activity class from the top of the activity stack; S2, determine the package name from the interface class and display it in the user interface; S3, check whether the package name is a correct package name: if it is the name of a package inside the current program, return to step S1, otherwise go to step S4; S4, judge that the current user interface has been hijacked and create a new trusted interface in preparation for the covering operation; S5, cover the current user interface with the trusted interface and return to step S1. When the method detects hijacking behavior, it uses the interfaces built into Android to create a new trusted interface that covers the original one. By covering the interface, the maliciously hijacking interface is hidden, which ensures that the user's private information is not leaked through interface hijacking.

Description

Interface hijacking countermeasure method based on the Android platform
Technical field
The present invention relates to the technical field of computer application network security, and in particular to an interface hijacking countermeasure method based on the Android platform.
Background
Introduction to the Android interface component: An interface is an application component of Android that provides a region of the screen with which the user can interact to complete a task, such as dialing, taking a photo, or browsing. An interface usually occupies the whole screen, but it may also be smaller than the screen and float above other windows.
An Android application usually consists of multiple interfaces, which are typically loosely coupled. Each time a new interface is started, the previous interface stops and the new interface is pushed onto the top of the stack and gains user focus. When switching between different applications, Android makes the transition essentially seamless so as not to affect the user experience, and this also gives attackers an opportunity to mount attacks.
Introduction to the interface hijacking process: In the Android system, a malicious program can obtain key information about the running system through API functions for broadcasts, logs, the system and so on. After the user opens the target program, the malicious program inserts its own interface at the top of the stack and interacts with the user, carrying out malicious acts such as stealing the user's account password and private data. Specifically, the attack process can be described as follows.
First step: the malware is installed on the user's phone in some way.
Second step: the malware monitors the victim target, watching for the start-up of the victim software. Here the malicious program needs no sensitive permission during the attack to obtain the current process list and enumerate the currently running processes. The malware can also register a receiver for the android.intent.action.BOOT_COMPLETED broadcast event, start its detection service at boot, and continuously enumerate the current process list for the presence of the preset target application.
Third step: once the malware detects that the victim software has started, it launches itself with the flag FLAG_ACTIVITY_NEW_TASK added so that its own interface is placed on top, thereby hijacking the interface.
Summary of the invention
The purpose of the present invention is to overcome the above shortcomings of the prior art by providing an interface hijacking countermeasure method based on the Android platform.
The purpose of the present invention can be achieved by adopting the following technical solution:
An interface hijacking countermeasure method based on the Android platform, comprising the following steps:
S1, obtain the interface stack of the current program and determine the activity class from the top of the activity stack;
S2, determine the package name from the interface class and display it in the user interface;
S3, check whether the package name is a correct package name: if it is the name of a package inside the current program, return to step S1, otherwise go to step S4;
S4, judge that the current user interface has been hijacked and create a new trusted interface in preparation for the covering operation;
S5, cover the current user interface with the trusted interface and return to step S1.
Further, in step S1 the activity class is determined by reading the interface class at the top of the stack.
Further, the check in step S3 of whether the package name is a correct package name is carried out as follows:
The package name of the interface class currently at the top of the stack, obtained in step S2, is compared with the cache left by the previous legitimate check. If the package name has not changed, it is considered that no interface hijacking has occurred and the package name is judged to be that of a package inside the current program; otherwise, the package name is judged not to be a correct package name.
Further, the trusted interface created in step S4 derives from previous legitimate checks: a trusted interface is obtained from the check history.
Further, covering the current user interface with the trusted interface in step S5 is carried out as follows:
The created trusted interface is pushed onto the stack once. After the push, the created trusted interface is at the top of the interface stack and thereby recaptures focus from the hijacked interface class.
The starting point of the present invention is mainly to address the interface hijacking security problem present in the current Android system. Compared with similar techniques, it has the following beneficial effects:
1. Its audience covers all users of the Android system.
2. The method flow is simple and highly practical to implement.
3. Coupling is low, and the specific defense mechanism can be varied.
The advantages of the two approaches used here can be expressed as:
1) Sufficient interface information is provided to the user, giving the user the ability to judge independently whether the interface has been hijacked, which reduces the user's dependence on trusting the anti-hijacking method.
2) The covering method prevents the user from entering data into the hijacked interface. Because the user may for some reason ignore the prompt, some mandatory measure is needed to safeguard the user's data.
Brief description of the drawings
Fig. 1 is a flow chart of the interface hijacking countermeasure method based on the Android platform provided in an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the protection scope of the present invention.
Embodiment
This embodiment discloses an interface hijacking countermeasure method based on the Android platform which, as shown in Fig. 1, comprises the following steps:
Step S1: obtain the interface stack of the current program. The purpose of interface hijacking is to trick the user into providing input, and to obtain the user's input the hijacking interface must remain in the running state, that is, be at the top of the interface stack. So the interface class at the top of the stack must be taken out first.
Step S2: analyze the interface class at the top of the stack. Because the classes of a normal program are all stored together under one package name, the package name can serve as the key indicator of whether the interface has been hijacked. Obtaining the class's package name and displaying it to the user on the interface gives the user the ability to judge for themselves, and avoids the need for the user to trust the anti-hijacking method blindly.
Step S3: check whether the package name is a correct package name. The check compares the package name of the interface class currently at the top of the stack, obtained in step S2, with the cache left by the previous legitimate check. If the package name has not changed, it can be considered that no interface hijacking has occurred. In that case return to step S1 to prepare for the next check. Because the same package name is shared only by the interface classes inside the program, any hijacking behavior changes the package name and is therefore detected.
Step S4: this step is executed only when interface hijacking has been detected. To prevent the user from entering input on the hijacked interface, a trusted interface is needed to cover it. A trusted interface can derive from previous legitimate checks: from the check history, a trusted interface class can be obtained, and an instance of it is created here in preparation for the covering operation.
Step S5: the purpose of the covering operation is to recapture focus from the hijacked interface class. Because only the interface at the top of the interface stack has focus, the covering operation pushes the trusted interface class instance created in step S4 onto the stack once. After the push, the trusted interface obtains focus and the user's data is protected. Then return to step S1 to prepare for the next check.
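The S1 to S5 loop of this embodiment, modelled as an added Python example that is not code from the patent: the `stack` list, the `HijackGuard` class and the package and class names are hypothetical, and seeding the cache from the program's own first screen is an assumption, since the text does not say how the first legitimate check is established. The model covers only the check logic and calls no Android API.

```python
from typing import List, NamedTuple


class Screen(NamedTuple):
    package: str  # package name the interface class belongs to
    cls: str      # interface (activity) class name


class HijackGuard:
    """Model of the S1-S5 loop; `stack` stands in for the interface stack."""

    def __init__(self, stack: List[Screen], first_trusted: Screen):
        self.stack = stack                      # last element is the stack top
        # Assumption: the cache is seeded from the program's own first screen.
        self.cached_package = first_trusted.package
        self.history = [first_trusted]          # screens that passed a check
        self.displayed: List[str] = []          # package names shown to the user

    def check_once(self) -> str:
        top = self.stack[-1]                    # S1: read the stack top
        self.displayed.append(top.package)      # S2: show its package name
        if top.package == self.cached_package:  # S3: compare with the cache
            self.history.append(top)            # legitimate check, remember it
            return "ok"
        trusted = self.history[-1]              # S4: trusted screen from history
        self.stack.append(trusted)              # S5: push it so it regains focus
        return "covered"


def demo() -> List[str]:
    # Constructed sample: package and class names are made up.
    login = Screen("com.example.bank", "LoginActivity")
    stack = [login]
    guard = HijackGuard(stack, first_trusted=login)
    results = [guard.check_once()]
    stack.append(Screen("com.example.bank", "TransferActivity"))
    results.append(guard.check_once())          # same package, new class: ok
    stack.append(Screen("com.example.other", "LoginActivity"))
    results.append(guard.check_once())          # foreign package on top: covered
    results.append(guard.check_once())          # trusted screen is on top again
    return results


if __name__ == "__main__":
    print(demo())
```

The covered screen stays in the stack beneath the trusted one; the method only takes focus away from it, which is why the loop returns to S1 and keeps checking.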
The above embodiment is a preferred embodiment of the present invention, but the embodiments of the present invention are not limited by it. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the present invention shall be regarded as an equivalent replacement and is included within the protection scope of the present invention.

Claims (5)

1. An interface hijacking countermeasure method based on the Android platform, characterized in that the interface hijacking countermeasure method comprises the following steps:
S1, obtain the interface stack of the current program and determine the activity class from the top of the activity stack;
S2, determine the package name from the interface class and display it in the user interface;
S3, check whether the package name is a correct package name: if it is the name of a package inside the current program, return to step S1, otherwise go to step S4;
S4, judge that the current user interface has been hijacked and create a new trusted interface in preparation for the covering operation;
S5, cover the current user interface with the trusted interface and return to step S1.
2. The interface hijacking countermeasure method based on the Android platform according to claim 1, characterized in that in step S1 the activity class is determined by reading the interface class at the top of the stack.
3. The interface hijacking countermeasure method based on the Android platform according to claim 1, characterized in that the check in step S3 of whether the package name is a correct package name is carried out as follows:
The package name of the interface class currently at the top of the stack, obtained in step S2, is compared with the cache left by the previous legitimate check. If the package name has not changed, it is considered that no interface hijacking has occurred and the package name is judged to be that of a package inside the current program; otherwise, the package name is judged not to be a correct package name.
4. The interface hijacking countermeasure method based on the Android platform according to claim 1, characterized in that the trusted interface created in step S4 derives from previous legitimate checks, a trusted interface being obtained from the check history.
5. The interface hijacking countermeasure method based on the Android platform according to claim 1, characterized in that covering the current user interface with the trusted interface in step S5 is carried out as follows:
The created trusted interface is pushed onto the stack once. After the push, the created trusted interface is at the top of the interface stack and thereby recaptures focus from the hijacked interface class.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711226580.6A CN107992745A (en) 2017-11-29 2017-11-29 Interface hijacking countermeasure method based on the Android platform

Publications (1)

Publication Number Publication Date
CN107992745A (en) 2018-05-04

Family

ID=62034462

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711226580.6A Pending CN107992745A (en) 2017-11-29 2017-11-29 Interface hijacking countermeasure method based on the Android platform

Country Status (1)

Country Link
CN (1) CN107992745A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104182686A (en) * 2013-05-23 2014-12-03 阿里巴巴集团控股有限公司 Method and device for detecting Activity hijacking risk of Android system
CN104123498A (en) * 2014-07-18 2014-10-29 广州金山网络科技有限公司 Method and device for determining safety of Activity of Android system
CN106713246A (en) * 2015-11-17 2017-05-24 中国移动通信集团公司 Method and apparatus for detecting application program page hijacking, and mobile terminal
CN106503555A (en) * 2016-10-21 2017-03-15 维沃移动通信有限公司 A kind of method for ensureing safety of payment and mobile terminal

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019220241A1 (en) * 2018-05-15 2019-11-21 International Business Machines Corporation Malware detection
GB2586195A (en) * 2018-05-15 2021-02-10 Ibm Malware detection
WO2020134033A1 (en) * 2018-12-24 2020-07-02 中国银联股份有限公司 Method used to determine security of application program when running, and device for same
CN110309647A (en) * 2019-06-28 2019-10-08 北京金山安全软件有限公司 Processing method and device for application program, electronic equipment and storage medium
CN110309647B (en) * 2019-06-28 2022-02-25 北京乐蜜科技有限责任公司 Processing method and device for application program, electronic equipment and storage medium
CN111027053A (en) * 2019-10-28 2020-04-17 深圳市跨越新科技有限公司 Detection method and system for Android application program with Activity hijacking prevention function

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180504