CN108256328A - Identify the method and device of counterfeit application - Google Patents
Identify the method and device of counterfeit application Download PDFInfo
- Publication number
- CN108256328A CN108256328A CN201711476647.1A CN201711476647A CN108256328A CN 108256328 A CN108256328 A CN 108256328A CN 201711476647 A CN201711476647 A CN 201711476647A CN 108256328 A CN108256328 A CN 108256328A
- Authority
- CN
- China
- Prior art keywords
- application
- measured
- counterfeit
- url
- feature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of method and devices for identifying counterfeit application, are related to security technology area, can recognize that counterfeit application.The method of the present invention mainly includes:Extract the application feature of application to be measured;It is compared described using feature with the application feature of legal application each in legal application library, determines target legal copy application only identical with the certain applications feature of the application to be measured;The uniform resource position mark URL asked when intercepting and capturing using the application to be measured;By the way that the URL is matched with the domain name that the target legal copy is applied, whether the identification application to be measured is counterfeit application.The present invention is mainly suitable in the scene for identifying true and false application.
Description
Technical field
The present invention relates to security technology area, more particularly to a kind of method and device for identifying counterfeit application.
Background technology
With the fast development of mobile terminal, the type and quantity of application software all greatly increase.At present, not only there is the video soft
The various softwares such as part, chat software, Games Software, shopping software, and for each software, different vendor also develops
Oneself unique specific software, such as shopping software just have a day cat, Jingdone district, only product that can wait various specific softwares.
However, but there is appearance and its similar counterfeit application is applied to legal copy in the application software of magnanimity, no
Method molecule is made profit by inveigling user using counterfeit application, and the fraudulent act is rampant always more than at present.Therefore, how efficiently
Accurately identify whether application is that counterfeit application becomes more important.
Invention content
In view of this, the method and device of the counterfeit application of identification provided by the invention, it is counterfeit its object is to identify
Using.
The purpose of the present invention is what is realized using following technical scheme:
In a first aspect, the present invention provides a kind of method for identifying counterfeit application, the method includes:
Extract the application feature of application to be measured;
Be compared described using feature with the application feature of legal application each in legal application library, it is determining only with institute
State the identical target legal copy application of the certain applications feature of application to be measured;
The uniform resource position mark URL asked when intercepting and capturing using the application to be measured;
By the way that the URL is matched with the domain name that the target legal copy is applied, the identification application to be measured whether be
Counterfeit application.
Optionally, described by the way that the URL is matched with the domain name that the target legal copy is applied, identification is described to be measured
Using whether being that counterfeit application includes:
Domain names of all URL of intercepting and capturing respectively with target legal copy application is matched;
If the number with the URL of domain name successful match is greater than or equal to predetermined threshold value, it is determined that the application to be measured
It is not counterfeit application;
If the predetermined threshold value is respectively less than with the number of the URL of the domain name successful match of each target legal copy application, really
The fixed application to be measured is counterfeit application.
Optionally, after determining that the application to be measured is counterfeit application, the method further includes:
When the application of target legal copy only there are one when, by the target legal copy application be determined as it is described it is to be measured using it is counterfeit should
With;
When target legal copy application has multiple, the application name of application to be measured and answering for target legal copy application are calculated respectively
The similarity of application icon applied with the application icon of the similarity of name, application to be measured with the target legal copy;And by two
The target legal copy application of the sum of similarity maximum is determined as described to be measured using counterfeit application.
Optionally, the application feature includes application name, using unique mark, application icon and installation certificate.
Optionally, the uniform resource position mark URL asked includes when the intercepting and capturing are using the application to be measured:
It intercepts and captures in sandbox environment using described to be measured in application, the URL of the application request to be measured.
Optionally, the method further includes:
When determining that the application to be measured is counterfeit in application, output is for showing that the application to be measured is the announcement of counterfeit application
Alert prompt message.
Second aspect, the present invention provides a kind of device for identifying counterfeit application, described device includes:
Extraction unit, for extracting the application feature of application to be measured;
Determination unit, for comparing described using feature and the application feature of legal application each in legal application library
It is right, determine target legal copy application only identical with the certain applications feature of the application to be measured;
Unit is intercepted and captured, for the uniform resource position mark URL asked when intercepting and capturing using the application to be measured;
Recognition unit, for by the way that the URL is matched with the domain name that the target legal copy is applied, being treated described in identification
Survey whether application is counterfeit application.
Optionally, the recognition unit includes:
Matching module, for domain names of all URL intercepted and captured respectively with target legal copy application to be matched;
Determining module, for when the number of the URL with domain name successful match is greater than or equal to predetermined threshold value, determining
The application to be measured is not counterfeit application;When the number of the URL for the domain name successful match applied with each target legal copy is respectively less than
During the predetermined threshold value, it is counterfeit application to determine the application to be measured.
Optionally, the determination unit is additionally operable to after determining that the application to be measured is counterfeit application, when target legal copy
Using only there are one when, the target legal copy application is determined as described to be measured using counterfeit application;
Described device further includes:
Computing unit, for when target legal copy application has multiple, calculating the application name of application to be measured and the mesh respectively
The phase of application icon that the similarity of application name of the legal application of mark, the application icon of application to be measured are applied with the target legal copy
Like degree;
The determination unit, be additionally operable to by the target legal copy application of the sum of two similarities maximum be determined as it is described it is to be measured should
With counterfeit application.
Optionally, the application feature includes application name, using unique mark, application icon and installation certificate.
Optionally, the intercepting and capturing unit, for intercept and capture in sandbox environment using it is described to be measured in application, it is described it is to be measured should
With the URL of request.
The third aspect, the present invention provides a kind of storage medium, the storage medium is stored with a plurality of instruction, described instruction
Method suitable for being loaded by processor and being performed the counterfeit application of identification as described in relation to the first aspect.
Fourth aspect, the present invention provides a kind of electronic equipment, the electronic equipment includes storage medium and processor;
The processor is adapted for carrying out each instruction;
The storage medium, suitable for storing a plurality of instruction;
Described instruction is suitable for being loaded by the processor and being performed the method for the counterfeit application of identification as described in relation to the first aspect.
By above-mentioned technical proposal, the method and device of the counterfeit application of identification provided by the invention can be extracted first to be measured
Then these are applied feature by the application feature of application using feature is corresponding with legal application each in legal application library respectively
It is compared, the target legal copy application that application to be measured may be counterfeit is quickly filtered out from a large amount of legal applications, is then passed through again
Match the URL (Uniform Resource Locator, uniform resource locator) of application request to be measured and target legal copy application
Domain name, accurately identify it is to be measured application whether be counterfeit application.
Above description is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention,
And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can
It is clearer and more comprehensible, below the special specific embodiment for lifting the present invention.
Description of the drawings
By reading the detailed description of hereafter preferred embodiment, it is various other the advantages of and benefit it is common for this field
Technical staff will become clear.Attached drawing is only used for showing the purpose of preferred embodiment, and is not considered as to the present invention
Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 shows a kind of flow chart of method for identifying counterfeit application provided in an embodiment of the present invention;
Fig. 2 shows the flow charts of another method for identifying counterfeit application provided in an embodiment of the present invention;
Fig. 3 shows a kind of composition frame chart of device for identifying counterfeit application provided in an embodiment of the present invention;
Fig. 4 shows the composition frame chart of another device for identifying counterfeit application provided in an embodiment of the present invention.
Specific embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
Completely it is communicated to those skilled in the art.
An embodiment of the present invention provides a kind of method for identifying counterfeit application, as shown in Figure 1, the method mainly includes:
101st, the application feature of application to be measured is extracted.
Wherein, the application feature includes but not limited to:Application name, using unique mark, application icon and installation certificate.
In practical applications, it is main to carry out one application of unique mark using using packet name.In addition, application to be measured can be installed in terminal
Application or downloaded installation kit but in uninstalled application or application shop or application house keeper
Using or webpage in application.
102nd, it is compared, determines only with the application feature of legal application each in legal application library using feature by described
The target legal copy application identical with the certain applications feature of the application to be measured.
Before application to be measured is identified, each application that each legal application can be obtained by official channel is special
Sign, is then stored in legal application library.It, can be by each application feature of application to be measured point when needing to identify unknown applications
It is not compared accordingly using feature with legal application each in legal application library, determines whether respective application feature is identical;
It, can be with when each each application feature using feature and some legal copy application for determining application to be measured all corresponds identical
It is exactly legal copy application to determine the application to be measured;It is applied when each application feature for determining application to be measured is corresponding with legal library
When feature differs, it may be determined that the application to be measured is unexistent application in legal application library;When determining application to be measured
It is each using in feature only have certain applications feature with some legal copy application application feature it is identical when, it may be determined that this it is to be measured answer
With may be counterfeit application that the legal copy is applied, thus can by the application to be measured may be counterfeit legal application record,
To be accurately identified subsequently through step 103 is performed to the application to be measured.
For example, the application name of application to be measured be APP1, using unique mark be com.abc.www, application icon is icon
1st, installation certificate is certificate 1, and the application name of certain legal copy application is APP1, is com.efg.www, application icon using unique mark
Be icon 2, installation certificate it is certificate 2, understands that application name and legal copy of application to be measured applied answers using feature by comparison
It is identical with name, and other features are different, may thereby determine that the application to be measured is likely to be the piracy that the legal copy is pretended to be to apply
Using, so can by the legal copy application record, so as to subsequently based on legal copy application other information to this it is to be measured answer
With accurately identify in detail.
The URL asked when the 103rd, intercepting and capturing using the application to be measured.
Since counterfeit application is usually to be submitted in a manner of by changing the calling interface in legal application to obtain user
Information, and the change of calling interface mean that access network address change, it is possible to by identifying whether URL changes
Method come accurate judgement it is to be measured application whether be counterfeit application.
It, can be by the application to be measured so as to extract the URL in request in order to obtain the request that may be sent out in application to be measured
It is positioned in sandbox environment, then constantly using the application to be measured in sandbox environment, as soon as when application to be measured sends out request,
Request is intercepted and captured, and therefrom extracts URL, until extracting all URL that the application to be measured may access.
104th, by the way that the URL is matched with the domain name that the target legal copy is applied, identify that the application to be measured is
No is counterfeit application.
It, can be respectively by each URL and the domain of target legal copy application after all URL that application to be measured may access are obtained
Name is matched, when the domain name is included in some URL, it may be determined that the URL and the domain name successful match;When the domain name does not have
When having included in the URL, it may be determined that it fails to match with the domain name by the URL.Respectively by each URL and target legal copy application
Domain name matching after the completion of, according to successful match rate come judge this it is to be measured application whether be counterfeit application.Wherein, legal copy is applied
Domain name can be obtained from the official website of software application quotient.
The method of the counterfeit application of identification provided in an embodiment of the present invention can first extract the application feature of application to be measured, so
These are compared using feature using feature accordingly with legal application each in legal application library respectively afterwards, quickly from big
The target legal copy application that application to be measured may be counterfeit is filtered out in the legal application of amount, then again by matching application request to be measured
URL and the domain name of target legal copy application accurately identify whether application to be measured is counterfeit application.
Further, according to method shown in FIG. 1, an alternative embodiment of the invention additionally provides a kind of counterfeit application of identification
Method, as shown in Fig. 2, the method mainly includes:
201st, the application feature of application to be measured is extracted.
The specific implementation of this step is identical with the specific implementation of above-mentioned steps 101, and details are not described herein.
202nd, it is compared, determines only with the application feature of legal application each in legal application library using feature by described
The target legal copy application identical with the certain applications feature of the application to be measured.
The specific implementation of this step is identical with the specific implementation of above-mentioned steps 102, and details are not described herein.
The URL asked when the 203rd, intercepting and capturing using the application to be measured.
The specific implementation of this step is identical with the specific implementation of above-mentioned steps 103, and details are not described herein.
204th, by the way that the URL is matched with the domain name that the target legal copy is applied, identify that the application to be measured is
No is counterfeit application.
It refers in the above-described embodiments, of domain name that can be applied by all URL of application to be measured with target legal copy
With success rate come determine this it is to be measured application whether be counterfeit application, therefore the specific implementation of this step can be:It will intercept and capture
All URL respectively with the target legal copy application domain name matched;If the number with the URL of domain name successful match
More than or equal to predetermined threshold value, it is determined that the application to be measured is not counterfeit application;If the domain name with the application of each target legal copy
The number of the URL of successful match is respectively less than the predetermined threshold value, it is determined that the application to be measured is counterfeit application.Wherein, due to
It may cause the application that may access the network address under other domain names because of operations such as embedded advertisements in one application,
Successful match rate is not necessarily set in 100%, is set on some threshold value, and predetermined threshold value can be according to practical warp
It tests statistics and obtains.
In addition, after determining that the application to be measured is counterfeit application, it can also determine that the application to be measured is specific imitative
Which legal application is emitted, so that user is reminded to be vigilant the download and use of the application.Specifically, when target legal copy application only has
At one, directly the target legal copy application can be determined as described to be measured using counterfeit application;When target legal copy application
When having multiple, application name and application icon generally by counterfeit legal application is applied visually to cheat use due to counterfeit
Family is downloaded and installs, it is possible to first calculate the application name of application to be measured and the application name of target legal copy application respectively
Similarity, the application of application icon and the target legal copy of application to be measured application icon similarity, then by two phases
It is determined as like the maximum target legal copy application of the sum of degree described to be measured using counterfeit application.
205th, when determining that the application to be measured is counterfeit in application, output is for showing that the application to be measured is counterfeit application
Alarm prompt.
When determining that the application to be measured is counterfeit in application, this can have been installed to remind with outputting alarm prompt information
The user of counterfeit application can unload the counterfeit application in time, the user for not installing the counterfeit application be reminded not install this counterfeit
Using.In addition, after it is which is applied to determine the counterfeit legal application of the application to be measured, can add in alarm prompt
The application feature and domain name for the legal application for adding the application to be measured counterfeit, user to be reminded subsequently to need download installation legal
It is downloaded in application, can arrive under the domain name.
The method of the counterfeit application of identification provided in an embodiment of the present invention, can not only efficiently and accurately identify unknown applications
Whether it is counterfeit application, additionally it is possible to similarity comparison be carried out by the application name and application icon with legal copy application, determine this
Unknown applications it is counterfeit be which legal application and when determining that the unknown applications are counterfeit in application, also being able to award user
Alarm prompt, to prevent user from continuing to be deceived.
Further, according to above method embodiment, it is counterfeit that an alternative embodiment of the invention additionally provides a kind of identification
The device of application, as shown in figure 3, described device mainly includes:Extraction unit 31, intercepts and captures unit 33 and identification at determination unit 32
Unit 34.Wherein,
Extraction unit 31, for extracting the application feature of application to be measured;
Determination unit 32, for being carried out described using feature and the application feature of legal application each in legal application library
It compares, determines target legal copy application only identical with the certain applications feature of the application to be measured;
Unit 33 is intercepted and captured, for the uniform resource position mark URL asked when intercepting and capturing using the application to be measured;
Recognition unit 34, for by the way that the URL is matched with the domain name that the target legal copy is applied, described in identification
Whether application to be measured is counterfeit application.
Optionally, as shown in figure 4, the recognition unit 34 includes:
Matching module 341, for domain names of all URL intercepted and captured respectively with target legal copy application to be matched;
Determining module 342, for when the number of the URL with domain name successful match be greater than or equal to predetermined threshold value when,
Determine that the application to be measured is not counterfeit application;When the number of the URL for the domain name successful match applied with each target legal copy is equal
During less than the predetermined threshold value, it is counterfeit application to determine the application to be measured.
Optionally, the determination unit 32 is additionally operable to after determining that the application to be measured is counterfeit application, when target just
When there are one version applications only, the target legal copy application is determined as described to be measured using counterfeit application;
As shown in figure 4, described device further includes:
Computing unit 35, for when target legal copy application has multiple, calculate respectively the application name of application to be measured with it is described
The similarity of application name, the application icon of application to be measured and the application icon of target legal copy application of target legal copy application
Similarity;
The determination unit 32 is additionally operable to the target legal copy application of the sum of two similarities maximum being determined as described to be measured
Using counterfeit application.
Optionally, the application feature includes application name, using unique mark, application icon and installation certificate.
Optionally, the intercepting and capturing unit 33, for intercepting and capturing in sandbox environment using described to be measured in application, described to be measured
The URL of application request.
Optionally, as shown in figure 4, described device further includes:
Output unit 36, for when determine the application to be measured be it is counterfeit in application, output for show it is described it is to be measured should
With the alarm prompt for being counterfeit application.
The device of the counterfeit application of identification provided in an embodiment of the present invention can first extract the application feature of application to be measured, so
These are compared using feature using feature accordingly with legal application each in legal application library respectively afterwards, quickly from big
The target legal copy application that application to be measured may be counterfeit is filtered out in the legal application of amount, then again by matching application request to be measured
URL and the domain name of target legal copy application accurately identify whether application to be measured is counterfeit application.Additionally it is possible to by with
The application name and application icon of legal copy application carry out similarity comparison, determine the unknown applications it is counterfeit be which it is legal should
With and when determining that the unknown applications are counterfeit in application, also being able to award user's alarm prompt, to prevent user from continuing
It is deceived.
Further, according to above method embodiment, an alternative embodiment of the invention additionally provides a kind of storage medium,
The storage medium is stored with a plurality of instruction, described instruction be suitable for being loaded by processor and perform identify as described above it is counterfeit
The method of application.
The instruction stored in storage medium provided in an embodiment of the present invention can first extract the application feature of application to be measured,
Then these are compared using feature using feature accordingly with legal application each in legal application library respectively, quickly from
The target legal copy application that application to be measured may be counterfeit is filtered out in a large amount of legal applications, then again by matching application request to be measured
The application of URL and target legal copy domain name, accurately identify whether application to be measured is counterfeit application.Additionally it is possible to pass through
Carry out similarity comparison with the application name and application icon of legal copy application, determine the unknown applications it is counterfeit be which it is legal should
With and when determining that the unknown applications are counterfeit in application, also being able to award user's alarm prompt, to prevent user from continuing
It is deceived.
Further, according to above method embodiment, an alternative embodiment of the invention additionally provides a kind of electronic equipment,
The electronic equipment includes storage medium and processor;
The processor is adapted for carrying out each instruction;
The storage medium, suitable for storing a plurality of instruction;
Described instruction is suitable for the method for being loaded by the processor and being performed the upper counterfeit application of identification.
Electronic equipment provided in an embodiment of the present invention can first extract the application feature of application to be measured, then should by these
It is compared accordingly using feature with legal application each in legal application library respectively with feature, quickly from a large amount of legal applications
In filter out the target legal copy application that application to be measured may be counterfeit, then again by matching the URL and target of application request to be measured
The domain name of legal copy application accurately identifies whether application to be measured is counterfeit application.Additionally it is possible to by with legal copy application
Application name and application icon carry out similarity comparison, determine the unknown applications it is counterfeit be which legal application and when true
The fixed unknown applications are counterfeit in application, also being able to award user's alarm prompt, to prevent user from continuing to be deceived.
The embodiment of the present invention additionally provides:
A1, a kind of method for identifying counterfeit application, the method includes:
Extract the application feature of application to be measured;
Be compared described using feature with the application feature of legal application each in legal application library, it is determining only with institute
State the identical target legal copy application of the certain applications feature of application to be measured;
The uniform resource position mark URL asked when intercepting and capturing using the application to be measured;
By the way that the URL is matched with the domain name that the target legal copy is applied, the identification application to be measured whether be
Counterfeit application.
A2, the method according to A1, the domain name progress by the way that the URL and the target legal copy are applied
Match, whether the identification application to be measured is that counterfeit application includes:
Domain names of all URL of intercepting and capturing respectively with target legal copy application is matched;
If the number with the URL of domain name successful match is greater than or equal to predetermined threshold value, it is determined that the application to be measured
It is not counterfeit application;
If the predetermined threshold value is respectively less than with the number of the URL of the domain name successful match of each target legal copy application, really
The fixed application to be measured is counterfeit application.
A3, the method according to A2, after determining that the application to be measured is counterfeit application, the method further includes:
When the application of target legal copy only there are one when, by the target legal copy application be determined as it is described it is to be measured using it is counterfeit should
With;
When target legal copy application has multiple, the application name of application to be measured and answering for target legal copy application are calculated respectively
The similarity of application icon applied with the application icon of the similarity of name, application to be measured with the target legal copy;And by two
The target legal copy application of the sum of similarity maximum is determined as described to be measured using counterfeit application.
A4, the method according to A1, the application feature include application name, using unique mark, application icon and peace
Fill certificate.
A5, the method according to A1, the uniform resource position mark URL asked when the intercepting and capturing are using the application to be measured
Including:
It intercepts and captures in sandbox environment using described to be measured in application, the URL of the application request to be measured.
A6, the method according to any one of A1 to A5, the method further include:
When determining that the application to be measured is counterfeit in application, output is for showing that the application to be measured is the announcement of counterfeit application
Alert prompt message.
B7, a kind of device for identifying counterfeit application, described device include:
Extraction unit, for extracting the application feature of application to be measured;
Determination unit, for comparing described using feature and the application feature of legal application each in legal application library
It is right, determine target legal copy application only identical with the certain applications feature of the application to be measured;
Unit is intercepted and captured, for the uniform resource position mark URL asked when intercepting and capturing using the application to be measured;
Recognition unit, for by the way that the URL is matched with the domain name that the target legal copy is applied, being treated described in identification
Survey whether application is counterfeit application.
B8, the device according to B7, the recognition unit include:
Matching module, for domain names of all URL intercepted and captured respectively with target legal copy application to be matched;
Determining module, for when the number of the URL with domain name successful match is greater than or equal to predetermined threshold value, determining
The application to be measured is not counterfeit application;When the number of the URL for the domain name successful match applied with each target legal copy is respectively less than
During the predetermined threshold value, it is counterfeit application to determine the application to be measured.
B9, the device according to B8, the determination unit, be additionally operable to determine the application to be measured be it is counterfeit using it
Afterwards, when target legal copy application only there are one when, the target legal copy application is determined as described to be measured using counterfeit application;
Described device further includes:
Computing unit, for when target legal copy application has multiple, calculating the application name of application to be measured and the mesh respectively
The phase of application icon that the similarity of application name of the legal application of mark, the application icon of application to be measured are applied with the target legal copy
Like degree;
The determination unit, be additionally operable to by the target legal copy application of the sum of two similarities maximum be determined as it is described it is to be measured should
With counterfeit application.
B10, the device according to B7, the application feature include application name, using unique mark, application icon and peace
Fill certificate.
B11, the device according to B7, the intercepting and capturing unit, for intercept and capture in sandbox environment using it is described it is to be measured should
Used time, the URL of the application request to be measured.
B12, the device according to any one of B7 to B11, described device further include:
Output unit, for when the determining application to be measured is counterfeit in application, exporting to show the application to be measured
It is the alarm prompt of counterfeit application.
C13, a kind of storage medium, the storage medium are stored with a plurality of instruction, and described instruction is suitable for being added by processor
The method for carrying and performing the counterfeit application of identification as described in any one of A1-A6.
D14, a kind of electronic equipment, the electronic equipment include storage medium and processor;
The processor is adapted for carrying out each instruction;
The storage medium, suitable for storing a plurality of instruction;
Described instruction is suitable for being loaded as the processor and being performed the counterfeit application of identification as described in any one of A1-A6
Method.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, there is no the portion being described in detail in some embodiment
Point, it may refer to the associated description of other embodiment.
It is understood that the correlated characteristic in the above method and device can be referred to mutually.In addition, in above-described embodiment
" first ", " second " etc. be for distinguishing each embodiment, and do not represent the quality of each embodiment.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit can refer to the corresponding process in preceding method embodiment, and details are not described herein.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein.
Various general-purpose systems can also be used together with teaching based on this.As described above, required by constructing this kind of system
Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It should be understood that it can utilize various
Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair
Bright preferred forms.
In the specification provided in this place, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention
Example can be put into practice without these specific details.In some instances, well known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this description.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of each inventive aspect,
Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes
In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:It is i.e. required anti-
Shield the present invention claims the more features of feature than being expressly recited in each claim.More precisely, as following
Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim is in itself
Separate embodiments all as the present invention.
Those skilled in the art, which are appreciated that, to carry out adaptively the module in the equipment in embodiment
Change and they are arranged in one or more equipment different from the embodiment.It can be the module or list in embodiment
Member or component be combined into a module or unit or component and can be divided into addition multiple submodule or subelement or
Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it may be used any
Combination is disclosed to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so to appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification is (including adjoint power
Profit requirement, abstract and attached drawing) disclosed in each feature can be by providing the alternative features of identical, equivalent or similar purpose come generation
It replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments
In included certain features rather than other feature, but the combination of the feature of different embodiments means in of the invention
Within the scope of and form different embodiments.For example, in the following claims, the embodiment of required protection is appointed
One of meaning mode can use in any combination.
The all parts embodiment of the present invention can be with hardware realization or to be run on one or more processor
Software module realize or realized with combination thereof.It will be understood by those of skill in the art that it can use in practice
Microprocessor or digital signal processor (DSP) realize the method and dress of the counterfeit application of identification according to embodiments of the present invention
The some or all functions of some or all components in putting.The present invention is also implemented as described here for performing
Some or all equipment of method or program of device (for example, computer program and computer program product).This
The program of the realization present invention of sample can may be stored on the computer-readable medium or can have one or more signal
Form.Such signal can be downloaded from internet website to be obtained either providing or with any other on carrier signal
Form provides.
It should be noted that the present invention will be described rather than limits the invention, and ability for above-described embodiment
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference mark between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not
Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such
Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real
It is existing.If in the unit claim for listing equipment for drying, several in these devices can be by same hardware branch
To embody.The use of word first, second, and third does not indicate that any sequence.These words can be explained and run after fame
Claim.
Claims (10)
- A kind of 1. method for identifying counterfeit application, which is characterized in that the method includes:Extract the application feature of application to be measured;It is compared described using feature with the application feature of legal application each in legal application library, determines only to treat with described Survey the identical target legal copy application of the certain applications feature of application;The uniform resource position mark URL asked when intercepting and capturing using the application to be measured;By the way that the URL is matched with the domain name that the target legal copy is applied, whether the identification application to be measured is counterfeit Using.
- It is 2. according to the method described in claim 1, it is characterized in that, described by by the URL and the target legal copy application Domain name matched, identification it is described it is to be measured application whether be that counterfeit application includes:Domain names of all URL of intercepting and capturing respectively with target legal copy application is matched;If it is greater than or equal to predetermined threshold value with the number of the URL of domain name successful match, it is determined that the application to be measured is not Counterfeit application;If it is respectively less than the predetermined threshold value with the number of the URL of the domain name successful match of each target legal copy application, it is determined that institute It is counterfeit application to state application to be measured.
- 3. according to the method described in claim 2, it is characterized in that, determining that the application to be measured is institute after counterfeit application The method of stating further includes:When target legal copy application only there are one when, the target legal copy application is determined as described to be measured using counterfeit application;When target legal copy application has multiple, the application name of application to be measured and the application name of target legal copy application are calculated respectively Similarity, the application of application icon and the target legal copy of application to be measured application icon similarity;It is and similar by two The maximum target legal copy application of the sum of degree is determined as described to be measured using counterfeit application.
- 4. according to the method described in claim 1, it is characterized in that, it is described application feature include application name, using unique mark, Application icon and installation certificate.
- 5. the according to the method described in claim 1, it is characterized in that, unification asked when the intercepting and capturing are using the application to be measured Resource Locator URL includes:It intercepts and captures in sandbox environment using described to be measured in application, the URL of the application request to be measured.
- 6. the method according to any one of claims 1 to 5, it is characterized in that, the method further includes:When determining that the application to be measured is counterfeit in application, output is for showing that the application to be measured is that the alarm of counterfeit application carries Show information.
- 7. a kind of device for identifying counterfeit application, which is characterized in that described device includes:Extraction unit, for extracting the application feature of application to be measured;Determination unit, for being compared described using feature with the application feature of legal application each in legal application library, Determine target legal copy application only identical with the certain applications feature of the application to be measured;Unit is intercepted and captured, for the uniform resource position mark URL asked when intercepting and capturing using the application to be measured;Recognition unit, for by the way that the URL is matched with the domain name that the target legal copy is applied, identification it is described it is to be measured should With whether being counterfeit application.
- 8. device according to claim 7, which is characterized in that the recognition unit includes:Matching module, for domain names of all URL intercepted and captured respectively with target legal copy application to be matched;Determining module, for when the number of the URL with domain name successful match is greater than or equal to predetermined threshold value, determining described Application to be measured is not counterfeit application;Described in being respectively less than when the number of the URL for the domain name successful match applied with each target legal copy During predetermined threshold value, it is counterfeit application to determine the application to be measured.
- 9. a kind of storage medium, which is characterized in that the storage medium is stored with a plurality of instruction, and described instruction is suitable for by handling The method that device loads and performs the counterfeit application of identification as described in any one of claim 1-6.
- 10. a kind of electronic equipment, which is characterized in that the electronic equipment includes storage medium and processor;The processor is adapted for carrying out each instruction;The storage medium, suitable for storing a plurality of instruction;Described instruction is suitable for being loaded as the processor and performing the counterfeit application of identification as described in any one of claim 1-6 Method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711476647.1A CN108256328A (en) | 2017-12-29 | 2017-12-29 | Identify the method and device of counterfeit application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711476647.1A CN108256328A (en) | 2017-12-29 | 2017-12-29 | Identify the method and device of counterfeit application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108256328A true CN108256328A (en) | 2018-07-06 |
Family
ID=62724595
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711476647.1A Pending CN108256328A (en) | 2017-12-29 | 2017-12-29 | Identify the method and device of counterfeit application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108256328A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109684788A (en) * | 2018-12-29 | 2019-04-26 | 上海上讯信息技术股份有限公司 | A kind of mobile application channel monitoring system and method Internet-based |
CN110135153A (en) * | 2018-11-01 | 2019-08-16 | 哈尔滨安天科技股份有限公司 | The credible detection method and device of software |
CN113434826A (en) * | 2021-07-23 | 2021-09-24 | 公安部第三研究所 | Detection method and system for counterfeit mobile application and related products |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104657634A (en) * | 2015-02-28 | 2015-05-27 | 百度在线网络技术(北京)有限公司 | Method and device for identifying pirate application |
CN104951675A (en) * | 2014-03-31 | 2015-09-30 | 北京金山网络科技有限公司 | Pirate application recognition method and system |
CN105426706A (en) * | 2015-11-20 | 2016-03-23 | 北京奇虎科技有限公司 | Pirate application detection method, device and system |
CN107038173A (en) * | 2016-02-04 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Application query method and apparatus, similar application detection method and device |
CN107222369A (en) * | 2017-07-07 | 2017-09-29 | 北京小米移动软件有限公司 | Recognition methods, device, switch and the storage medium of application program |
-
2017
- 2017-12-29 CN CN201711476647.1A patent/CN108256328A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104951675A (en) * | 2014-03-31 | 2015-09-30 | 北京金山网络科技有限公司 | Pirate application recognition method and system |
CN104657634A (en) * | 2015-02-28 | 2015-05-27 | 百度在线网络技术(北京)有限公司 | Method and device for identifying pirate application |
CN105426706A (en) * | 2015-11-20 | 2016-03-23 | 北京奇虎科技有限公司 | Pirate application detection method, device and system |
CN107038173A (en) * | 2016-02-04 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Application query method and apparatus, similar application detection method and device |
CN107222369A (en) * | 2017-07-07 | 2017-09-29 | 北京小米移动软件有限公司 | Recognition methods, device, switch and the storage medium of application program |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110135153A (en) * | 2018-11-01 | 2019-08-16 | 哈尔滨安天科技股份有限公司 | The credible detection method and device of software |
CN109684788A (en) * | 2018-12-29 | 2019-04-26 | 上海上讯信息技术股份有限公司 | A kind of mobile application channel monitoring system and method Internet-based |
CN113434826A (en) * | 2021-07-23 | 2021-09-24 | 公安部第三研究所 | Detection method and system for counterfeit mobile application and related products |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103632096B (en) | A kind of method and apparatus that safety detection is carried out to equipment | |
JP5802848B2 (en) | Computer-implemented method, non-temporary computer-readable medium and computer system for identifying Trojanized applications (apps) for mobile environments | |
CN105224869B (en) | Assembly test method and device | |
CN104537308B (en) | System and method using security audit function is provided | |
CN105635178B (en) | Ensure the block type Network Access Method and device of safety | |
CN104317599B (en) | Whether detection installation kit is by the method and apparatus of secondary packing | |
CN106845223B (en) | Method and apparatus for detecting malicious code | |
CN106548076A (en) | Method and apparatus of the detection using bug code | |
CN104143008B (en) | The method and device of fishing webpage is detected based on picture match | |
CN110929264B (en) | Vulnerability detection method and device, electronic equipment and readable storage medium | |
CN104517054A (en) | Method, device, client and server for detecting malicious APK | |
CN108256328A (en) | Identify the method and device of counterfeit application | |
CN105653947B (en) | The method and device of data safety risk is applied in a kind of assessment | |
CN104698919A (en) | Method and device for inspecting intelligent terminal | |
CN106778246A (en) | The detection method and detection means of sandbox virtualization | |
CN109086377A (en) | Generation method, device and the calculating equipment of equipment portrait | |
CN107808096A (en) | Method, terminal device and the storage medium of malicious code are injected into during detection APK operations | |
CN104486312B (en) | A kind of recognition methods of application program and device | |
CN106250761A (en) | A kind of unit identifying web automation tools and method | |
CN108322458A (en) | Web Application intrusion detections method, system, computer equipment and storage medium | |
CN106650439A (en) | Suspicious application program detection method and device | |
CN111859381A (en) | File detection method, device, equipment and medium | |
US11695793B2 (en) | Vulnerability scanning of attack surfaces | |
US8490184B2 (en) | Verification for computer programs that include external call references | |
CN104699619A (en) | Online testing method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180706 |