CN109299610B - Method for verifying and identifying unsafe and sensitive input in android system - Google Patents
Method for verifying and identifying unsafe and sensitive input in android system Download PDFInfo
- Publication number
- CN109299610B CN109299610B CN201811163790.XA CN201811163790A CN109299610B CN 109299610 B CN109299610 B CN 109299610B CN 201811163790 A CN201811163790 A CN 201811163790A CN 109299610 B CN109299610 B CN 109299610B
- Authority
- CN
- China
- Prior art keywords
- input
- verification
- sensitive
- input verification
- sensitive input
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention belongs to the technical field of program security analysis vulnerability mining, and particularly relates to an insecure sensitive input verification and identification method in an android system. The method comprises the following steps: inputting verification identification, namely extracting an interrupt branch in a program code, analyzing the code structure characteristics, and finding out an independent program branch containing an interrupt instruction to judge whether the current program execution contains the intent of checking input; sensitive input verification and identification, namely performing semantic-based clustering on a large number of input parameters by adopting natural language processing, and then, by specifying a small number of known sensitive parameters, speculating other unknown sensitive parameters by adopting machine learning; and finally, vulnerability identification, namely judging whether the input verification containing the sensitive parameters is unsafe input verification by checking whether the input verification meets the safety rules. By identifying the input verification, the system-level security vulnerability formed by the input verification can be determined, and the method has important significance for strengthening the security of a mobile system and preventing system-level attacks.
Description
Technical Field
The invention belongs to the technical field of program security analysis and vulnerability discovery, and particularly relates to a natural language processing, machine learning technology and static information flow analysis technology, in particular to an unsafe input verification identification method in an android system.
Background
Over 60% of mobile devices are using the android system, where a large number of applications related to our daily lives are running. To implement various functions, the application can read and operate android system resources, such as a GPS device and screen display, and perform sensitive operations, such as sending and deleting SMS messages. In the android system, these resources and sensitive operations are managed by more than 100 system services. It is clear that access control in these services plays an important role in the security of the overall system.
In the present invention we have performed empirical studies on a special set of key security checks in system services, which we define as sensitive input validation. The android system contains at least 700 different sensitive input verifications compared to 351 permissions contained in the system. They are used in large numbers for various purposes, such as to prevent general applications from accessing sensitive system level devices by restricting device names.
The present invention is different from conventional input validation studies. Traditional input validation research focuses on a narrow and well-defined set of sensitive inputs, such as Web inputs that may cause SQL injection attacks, and user-space pointers that are passed to the Linux kernel that may cause memory leak attacks. While the android system, by its uniqueness, does not know which inputs should be verified. Thus, the present invention is more focused on the other aspect of knowing neither which inputs should be verified, nor where these inputs need to be verified. Specifically, this is determined by the following android properties: (1) and (4) unstructured. Unlike android permission checks that rely on system-defined interfaces, such as context. In fact, any input to the disclosed method in a system service may result in sensitive input validation (a conditional statement that involves parameter checking). (2) The definition is ambiguous. Unlike rights authentication, which is described by the detailed documentation in the android rights model, there is no publicly available source to define how sensitive input verification should be performed in the android system service. Thus, it is not clear whether the input needs to be validated and completed correctly. (3) And (4) fragmenting. Sensitive input validation is scattered across a large number of Java classes. For example, in android 7.0, our evaluations show that they are widely dispersed in 173 different Java classes, while android rights guarantees are concentrated in 6 classes. Furthermore, even in the same service approach, sensitive input validation is often scattered across various execution paths, limiting system operation in a fine-grained manner.
Thus, while sensitive input verification in android services is important, security personnel overlook their security due to its inadequate design and implementation. First, system developers confuse their system security models. The Android system service may incorrectly trust input from a generic application, and even sometimes place input validation in the application program (Android SDK) process. Second, system developers can also ignore the issue of input verification when customizing the android system. However, in these contexts, there is no way in the android system to automatically identify sensitive input verifications and the security vulnerabilities that they constitute.
Disclosure of Invention
The invention aims to provide a brand-new unsafe sensitive input verification and identification method based on a code layer structure and semantic analysis driving, which is suitable for automatically identifying unsafe sensitive input verification contained in codes of an android system in a large scale.
The invention provides an insecure sensitive input verification and identification method, which is used for identifying an insecure data source depended on during verification input and comprises three parts: the method comprises the steps of code structure analysis-based input verification identification, natural language processing and machine learning-based sensitive input verification identification and security rule-based vulnerability identification.
First, based on the input verification identification of code structure analysis, an interrupt branch in the program code is extracted, such as an exception is thrown. The code structure characteristics are analyzed to find out the independent program branch containing the interrupt instruction, so as to judge whether the current program execution contains the intent of checking input.
Secondly, sensitive input verification and identification based on natural language processing and machine learning, and semantic-based clustering is carried out on a large number of input parameters by adopting natural language processing to enable synonymous parameters to be clustered together; and then, a small number of known sensitive parameters are specified, and other unknown sensitive parameters are presumed by adopting machine learning.
And (III) judging whether the input verification containing the sensitive parameters is unsafe input verification by checking whether the input verification meets the security rules based on the vulnerability recognition of the security rules.
The final design architecture of the present invention is shown in fig. 1, and the following describes three parts of the present invention in detail:
input verification recognition based on code structure analysis
Since input validation is a core problem of the present invention, we need a method to automatically identify and study input validation in the android system. This problem is very challenging because they are neither performed through predefined system interfaces nor identified through fixed APIs (e.g., permission checking). The present invention utilizes the inherent code structure features in the input validation for identification. In particular, the first requirement for input validation is that the input must be passed through the data stream to the compare statement and compared against some predefined value or result obtained dynamically from other APIs. Then, different actions are taken based on the result of the comparison. However, unlike a general program branch statement, input verification not only requires comparing the input with other data, but also immediately interrupts program execution when verification fails. For example, interrupting execution by throwing a SecurityException exception when verification fails causes the program to exit immediately. Thus, the present invention requires knowledge of which termination action will typically be taken when authentication fails. After analyzing some actual input validation in the android system, the present invention summarizes the following four interrupt operations: (1) an exception is thrown. A straightforward way to mark an application input violation of input validation is to throw exceptions such as SecurityException and IllegalArgmentException. (2) A constant is returned. The system service uses some predefined constants to show that the caller failed in the input validation and then returns as a return value in the interrupt branch. (3) And logging and returning. Logging information is useful for monitoring the operation of the system. In the interrupt branch, they typically record some information about the illegal entry and then return. (4) And recycling the resources and returning. In some cases, system services require that allocated resources be reclaimed and then returned directly.
By means of the identification of the four interrupt operations, the method for identifying input verification of the invention comprises the following steps: firstly, determining all program branch statements which can accept application input in system service; then, judging whether the branch statements contain an interrupt branch or not through code structure analysis; furthermore, some branch statements may generate a large number of program branches depending on different inputs, and these branches are generally used to process different input situations, and are not intended to check the inputs, so they should be deleted from the recognition result.
(II) sensitive input verification recognition based on natural language processing and machine learning
Currently, there is no efficient way to distinguish sensitive input validations from all input validations. It is more accurate and complete by understanding the processing logic of the input parameters in the system service and the corresponding operation type. However, this analysis method requires a large amount of a priori knowledge to describe which operations in the system are sensitive. Which is often difficult to obtain. The present invention therefore takes another distinct approach. By utilizing machine learning, we can mark a set of less known sensitive input validations as starting samples and let the machine learning automatically learn the rest using Association Rule Mining (Association Rule Mining).
When sensitive inputs are marked, the traditional method is to mark the sensitive inputs by using semantic information of variable names. For example, the identity of the caller is represented by the sensitive variable "packageName". However, the android system manages a large amount of system resources and uses multiple variable names to represent different parts. It is difficult to confirm their sensitivity if the entire android system is not fully understood. Thus, the present invention automatically discovers other potentially sensitive input validations by specifying a few initial known sensitive input validations, and then using association rule mining techniques. The reason for choosing this method is based on the correlation between sensitive input verifications, which are usually by being located in the same service method. Taking the example of "packageName" and "uid," the android system often uses them together to verify the identity of an application. Thus, their sensitivities may be positively correlated. The detailed method is as follows:
the incoming authentications are pre-grouped. One important requirement in association rule mining is the need to observe sufficient samples/occurrences of any given variable. However, if we deal with each unique variable name separately, it may eventually happen that variables flag1 and flag2 occur only once in the codebase, respectively, making association rule mining ineffective. Thus, if variables share a common term (or prefix/suffix), we can simply group them together because they are semantically highly related. To this end, the invention provides a pre-grouping of input verifications by means of input parameters in two steps: (1) the variable names are segmented and the stems are extracted. Normally, the input parameter is a word that is letter case segmented. For example, 'componentName' may be divided into 'component' and 'name', 'groupOwnerAddress' may be divided into 'group', 'lower' and 'address'. Therefore, we can break these long words into separate words. In addition, for each separate word, the present invention attempts to further identify the base word. For example, words such as 'types' and 'subtype' are derived from the basic word 'type', and prefixes'm' of the words 'mflag' and 'mname' should also be deleted. After this step, the present invention obtains the root word for each input parameter. (2) And normalizing the variable name. We can obtain a normalized name by merging the roots of each input parameter. However, even if words are segmented and word stems are used, it is difficult to avoid meaningless qualifiers, which in turn causes deviations in the final names. For example, the variable "linkaddress" may be divided into "link" and "address," and both "address" and the qualifier "link" are considered root words. To delete a qualifier, the present invention calculates the frequency of occurrence of each pair of words. If two words often occur simultaneously, we only retain the more popular words. After these steps, the present invention groups all input validations in the android system, and the input validations whose input parameters have the same normalized name are all divided into the same group for later machine learning based on association rule mining techniques.
New sensitive input verifications are learned. Without a priori knowledge, it is difficult to ascertain whether the verification involves any sensitive input. However, system developers tend to perform similar input verification in close proximity. For example, the validation of "packageName" and "uid" are typically adjacent. Thus, the present invention utilizes input verification proximity as a feature to perform association mining. Specifically, we extend the sensitive input validation set by way of association rule mining. First, the distance between each pair of input validations is calculated. Two input verifications are considered to be adjacent to each other if they occur on two basic blocks having a common edge. Then, if two input authentication groups contain multiple adjacent pairs, the groups are associated together. By this approach, starting with a few known sensitive input verifications, the present invention iteratively collects all relevant groups until a new group can no longer be discovered. The method can effectively find a large number of sensitive input verifications.
(III) vulnerability identification based on security rules
According to the invention, the vulnerability problem caused by unsafe input verification in the android system is detected from two different latitudes, and corresponding safety rules are formulated.
First, the present invention looks for unsafe input validation in each android system through intra-system analysis.
Erroneously trusting data provided by an application. Some system services verify caller identity based on input parameters, but because these parameters come from an application, they can be forged, and all of these parameters should be untrusted. Thus, if sensitive input verification verifies sensitive data provided by an application, such sensitive input verification is not secure.
Erroneously trusting code in an application process. Because of the unstructured nature of input validation, they are often placed into application processes. In particular, Android SDKs that run within application processes often include various checks on input parameters. Typically, Android SDKs package data from an application and forward it to an Android system services process. Whereas in the data packing process a large number of input verifications are used to check for illegitimate parameters, many of which are sensitive. However, these sensitive input verifications are ignored in system services. These sensitive input verifications are insecure because the application can bypass the Android SDK to directly access system services. Furthermore, the traditional understanding of the Android SDK scope includes only the exposed interfaces, but in fact those not exposed interfaces labeled as @ hide or @ systempai are also within the reach of the application, as the application can still access these hidden interfaces via reflection.
Secondly, inconsistent sensitive input verification is searched for in a plurality of android systems through intersystem analysis. In order to find sensitive input verification weakened by a third-party manufacturer, the invention detects inconsistent sensitive input verification between the android original system and the third-party customized system. First, the present invention needs to find similar system methods among different systems to compare if the input verification is consistent. Conventional looking at only class names and method names to determine similarity is not applicable here. Since many third party vendor customized systems introduced new system services that, while performing similar functions to the android original services, their function nomenclature is also significantly different and significantly reduced in security. Therefore, the invention proposes to cluster the common interfaces of different systems according to the similarity of the method behavior. In particular, we utilize static taint analysis techniques to represent the behavior of a method based on its data dependency graph. When the behavior similarity of two function interfaces is higher than a threshold value, the invention classifies the two function interfaces into similar methods. Then, by comparing whether similar methods have the same sensitive input verification, the invention can find many sensitive input verifications which are ignored by third-party manufacturers.
The invention can determine the system level security vulnerability formed by the input verification by identifying the input verification, and has important significance for strengthening the security of the mobile system and preventing the system level attack. Specifically, the traditional identity verification vulnerability mining for the android system aims at the android permission system, and the identity verification of the android system is considered from a brand-new angle, namely the angle of input verification. Quantitatively, the android system only contains about 350 authorities, but the number of sensitive inputs is as high as 700; from the aspect of identification difficulty, the interfaces of authority verification are well defined by the android system and are only distributed in a few java classes, sensitive input verification is widely distributed, and java classes of any system service can contain the sensitive input verification. Furthermore, technically, recognizing sensitive inputs directly in the system code is a problem that is very dependent on expert experience, especially in cases where the android system code volume is large. Therefore, extracting sensitive parameters directly in the android system is a nearly impossible matter. To solve the problem, the invention firstly proposes that the sensitive input can be identified by identifying the sensitive input verification. In general, input parameters used for sensitive input verification are also necessarily sensitive. Finally, the security rule for identifying the vulnerability is formulated by deeply understanding the android system hierarchical model, and the security rule has important significance for analyzing the system architecture and enhancing the security of the system architecture.
Drawings
Fig. 1 is a system overall framework.
FIG. 2 is a sample sensitive input authentication code.
FIG. 3 shows sensitive input keywords and clusters.
Fig. 4 is a security rule.
Detailed Description
The invention designs and realizes the brand-new unsafe input verification identification method based on the combination of natural language processing and machine learning. This section introduces details of the specific implementation of the framework.
Input verification recognition based on code structure analysis
The android system is analyzed on the basis of a Soot framework tool. The Soot framework is a mature Java program decompilation tool. Firstly, the android system image is decompressed, all Java class files are extracted from the android system image, then the Soot is used for decompiling, and the intermediate representation (the Jimple format file) of the system code is obtained. Then, in the decompiled Jimple codes, all android system services, methods in the system services and input variables are extracted to serve as code information sources to be analyzed. In extracting system services, the present invention considers not only all system services declared and registered in Java class, but also the system services they use. This enables the invention to cover the capabilities of a part of the system services that are implemented based on Native.
For the extracted system services, the invention finds out all the open methods contained in the system services by analyzing the interface definition, and then performs path-sensitive data flow taint analysis on each method. Meanwhile, aiming at data flow taint analysis among methods, the invention optimizes a large number of inaccessible nodes by filtering out nodes protected by system-level authority, thereby greatly reducing the time overhead of taint analysis sensitive to the path and reducing the complexity of path traversal.
Sensitive input verification identification based on natural language processing and machine learning
The invention uses the Stanford Parser implemented based on Java to perform the natural language processing analysis. The Stanford Parser is a common grammar parsing tool, can parse the structure of a sentence and mark part-of-speech tags for different participle units in the sentence, and also provides a plurality of methods for displaying the dependency relationship among the participle units in the sentence. Therefore, the method is selected to realize lexical analysis and dependency analysis. In addition, the present invention uses WordNet for longest word matching to identify the valid root word for each word. The specific method is that all characters are matched continuously until the longest character which can be matched is matched.
The present invention uses rule mining techniques for machine learning. A particular feature is to calculate the distance between adjacent input validations. The distance threshold is set to 3, i.e. if two input validations can be found within 3 basic code blocks, then both are considered relevant.
Vulnerability identification based on security rules
The present invention uses behavior similarity as a feature to find similar system service methods. The similarity threshold is set to 0.7. Experiments with 4 third party vendor customized systems showed that 0.7 is the largest threshold for finding similar methods. A larger threshold, e.g. 0.8, would only find the same, but not similar, approach, which is not in accordance with the requirements of the present invention. The present invention then performs a difference set comparison of the input verifications of similar methods, i.e., checks to see if one method lacks some input verification relative to another, to find systematic methods for which the input verification is weakened.
Through the framework, the invention realizes a vulnerability tool for mining based on unsafe input verification in the android system. The effectiveness of the method provided by the invention is proved through detection and analysis of an actual system. Firstly, through static analysis, the tool covers the detection of most system services in the android system, including the system services which are partially realized depending on Native. Secondly, the tool of the present invention discovers 20 system level vulnerabilities in 8 android systems. For example, the system service accessitimymanagervice identifies the application identity by using the untrusted parameter packageName, and by forging the parameter, malicious software can bypass authentication and border-crossing access, so that attacks such as interface hijacking, password leakage and the like are caused; the system service WindowManagerService utilizes an untrusted parameter Toast _ Type to identify the window Type, and by forging the parameter, malicious software can bypass authority verification to construct a system level window, so that window phishing attack aiming at any application software is caused; in addition, there are other vulnerabilities that lead to attacks such as delegation, information leakage, system log cleansing, and the like. The vulnerabilities cannot be covered by traditional work because the vulnerabilities are based on unsafe sensitive input verification, and the invention fills up the gap in the research field.
Claims (3)
1. An unsafe sensitive input verification and identification method in an android system is characterized in that an unsafe data source depended during verification input is identified, and the method comprises the following specific steps:
firstly, extracting an interrupt branch in a program code, analyzing the code structure characteristics, and finding out an independent program branch containing an interrupt instruction to judge whether the current program execution contains the intention of checking input;
secondly, sensitive input verification and identification based on natural language processing and machine learning, and semantic-based clustering is carried out on a large number of input parameters by adopting natural language processing to enable synonymous parameters to be clustered together; then, a small number of known sensitive parameters are appointed, and other unknown sensitive parameters are conjectured by adopting machine learning; finally, the process is carried out in a batch,
thirdly, judging whether the input verification containing the sensitive parameters is unsafe input verification or not by checking whether the input verification meets the safety rules or not based on the vulnerability recognition of the safety rules;
the input verification identification based on code structure analysis comprises the following steps:
the following four interrupt operations are summarized first: (1) throwing the exception, namely marking that the direct mode that the input of the application program violates the input verification is the throwing exception; (2) returning a constant, wherein the system service uses some predefined constants to display that the caller fails in the input verification and then returns the constant as a return value in the interrupt branch; (3) recording logs and returning, recording log information, recording some information related to illegal input in an interrupt branch, and then returning; (4) recovering and returning the resources, wherein in some cases, the system service needs to recover the allocated resources first and then directly return the resources;
with the recognition of these four interrupt operations, the flow of inputting the verification recognition is: firstly, determining all program branch statements which can accept application input in system service; then, judging whether the branch statements contain an interrupt branch or not through code structure analysis; in addition, for some branch statements, a large number of program branches are generated according to different inputs and are deleted from the recognition result.
2. The method for verifying and identifying unsafe sensitive input in android system according to claim 1, wherein the sensitive input verification and identification based on natural language processing and machine learning is:
by utilizing machine learning, a group of less known sensitive input verification marks are marked as initial samples, and the rest parts are automatically learned by utilizing the association rule mining technology;
when sensitive input is marked, other possibly sensitive input verification is automatically discovered by designating a few initial known sensitive input verifications and then using an association rule mining technology; the specific method comprises the following steps:
pre-grouping incoming verifications: the pre-grouping of input verification by means of input parameters is performed by the following two steps: (1) dividing variable names and extracting word stems; (2) normalizing the variable names, and obtaining normalized names by combining the root words of each input parameter, wherein the occurrence frequency of each pair of words is calculated; (3) deleting the qualifier; if two words often occur simultaneously, only the more popular words are retained; in this way, the input verifications with the same normalized name for the input parameters are divided into the same group for the machine learning part based on the association rule mining technology;
learning new sensitive input validation: expanding a sensitive input verification set in an association rule mining mode; firstly, calculating the distance between each pair of input verifications; two input verifications are considered to be adjacent to each other if they occur on two basic blocks having a common edge; then, if two input validation groups contain multiple adjacent pairs, associating the groups together; thus, starting with a few known sensitive input verifications, all relevant groups are iteratively collected until no new groups can be found anymore.
3. The method for verifying and identifying unsafe sensitive input in the android system according to claim 2, wherein the vulnerability identification based on the security rules is:
firstly, searching unsafe input verification in each android system through intra-system analysis; the method comprises the following steps:
falsely trust the data provided by the application, some system services verify caller identity based on the input parameters, but because these parameters are from the application, they can be forged, and all these parameters should be untrusted; thus, if sensitive input verification verifies sensitive data provided by an application, such sensitive input verification is not secure;
erroneously trusting code in an application process because of the unstructured nature of input validation, they are often placed into the application process;
secondly, searching inconsistent sensitive input verification in a plurality of android systems through intersystem analysis; in order to find sensitive input verification weakened by a third-party manufacturer, inconsistent sensitive input verification between the android original edition system and a third-party customized system is detected; firstly, finding out similar system methods among different systems to compare whether the input verification is consistent; clustering the common interfaces of different systems according to the similarity of the method behaviors; in particular, static taint analysis techniques are utilized to represent method behavior based on their data dependency graphs; when the behavior similarity of the two function interfaces is higher than a threshold value, classifying the two function interfaces into a similar method; then, by comparing whether the similar methods have the same sensitive input verification, a plurality of sensitive input verifications ignored by the third party manufacturer can be found.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811163790.XA CN109299610B (en) | 2018-10-02 | 2018-10-02 | Method for verifying and identifying unsafe and sensitive input in android system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811163790.XA CN109299610B (en) | 2018-10-02 | 2018-10-02 | Method for verifying and identifying unsafe and sensitive input in android system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109299610A CN109299610A (en) | 2019-02-01 |
| CN109299610B true CN109299610B (en) | 2021-03-30 |
Family
ID=65161646
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811163790.XA Active CN109299610B (en) | 2018-10-02 | 2018-10-02 | Method for verifying and identifying unsafe and sensitive input in android system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109299610B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11715111B2 (en) * | 2018-09-25 | 2023-08-01 | Capital One Services, Llc | Machine learning-driven servicing interface |
| CN112395884B (en) * | 2020-11-15 | 2022-04-12 | 复旦大学 | Android API semantic relation map construction method based on code document |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101894134A (en) * | 2010-06-21 | 2010-11-24 | 南京邮电大学 | Spatial layout-based fishing webpage detection and implementation method |
| CN105022958A (en) * | 2015-07-11 | 2015-11-04 | 复旦大学 | Android application used application program vulnerability detection and analysis method based on code library security specifications |
| CN105190564A (en) * | 2013-04-11 | 2015-12-23 | 甲骨文国际公司 | Predictive diagnosis of SLA violations in cloud services by seasonal trending and forecasting with thread intensity analytics |
| CN106649783A (en) * | 2016-12-28 | 2017-05-10 | 上海智臻智能网络科技股份有限公司 | Synonym mining method and apparatus |
| CN107810480A (en) * | 2015-06-26 | 2018-03-16 | 微软技术许可有限责任公司 | Distributed according to the instruction block of performance metric |
| CN107925659A (en) * | 2015-08-15 | 2018-04-17 | 微软技术许可有限责任公司 | Domain on no domain server adds virtual name |
| CN108171073A (en) * | 2017-12-06 | 2018-06-15 | 复旦大学 | A kind of private data recognition methods based on the parsing driving of code layer semanteme |
-
2018
- 2018-10-02 CN CN201811163790.XA patent/CN109299610B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101894134A (en) * | 2010-06-21 | 2010-11-24 | 南京邮电大学 | Spatial layout-based fishing webpage detection and implementation method |
| CN105190564A (en) * | 2013-04-11 | 2015-12-23 | 甲骨文国际公司 | Predictive diagnosis of SLA violations in cloud services by seasonal trending and forecasting with thread intensity analytics |
| CN107810480A (en) * | 2015-06-26 | 2018-03-16 | 微软技术许可有限责任公司 | Distributed according to the instruction block of performance metric |
| CN105022958A (en) * | 2015-07-11 | 2015-11-04 | 复旦大学 | Android application used application program vulnerability detection and analysis method based on code library security specifications |
| CN107925659A (en) * | 2015-08-15 | 2018-04-17 | 微软技术许可有限责任公司 | Domain on no domain server adds virtual name |
| CN106649783A (en) * | 2016-12-28 | 2017-05-10 | 上海智臻智能网络科技股份有限公司 | Synonym mining method and apparatus |
| CN108171073A (en) * | 2017-12-06 | 2018-06-15 | 复旦大学 | A kind of private data recognition methods based on the parsing driving of code layer semanteme |
Non-Patent Citations (1)
| Title |
|---|
| Identifying User-Input Privacy in Mobile Applications at a Large Scale;Yuhong Nan等;《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY》;20170331;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109299610A (en) | 2019-02-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Feng et al. | Apposcopy: Semantics-based detection of android malware through static analysis | |
| Carmony et al. | Extract Me If You Can: Abusing PDF Parsers in Malware Detectors. | |
| US9141806B2 (en) | Mining source code for violations of programming rules | |
| US20040205411A1 (en) | Method of detecting malicious scripts using code insertion technique | |
| US9798981B2 (en) | Determining malware based on signal tokens | |
| CN114077741B (en) | Software supply chain safety detection method and device, electronic equipment and storage medium | |
| US20200012793A1 (en) | System and Method for An Automated Analysis of Operating System Samples | |
| US20160156646A1 (en) | Signal tokens indicative of malware | |
| CN104834858A (en) | Method for statically detecting malicious code in android APP (Application) | |
| Kasim | An ensemble classification-based approach to detect attack level of SQL injections | |
| KR101640479B1 (en) | Software vulnerability attack behavior analysis system based on the source code | |
| CN109299610B (en) | Method for verifying and identifying unsafe and sensitive input in android system | |
| CN114462044A (en) | UEFI (unified extensible firmware interface) firmware vulnerability static detection method and device based on taint analysis | |
| CN106845235B (en) | A kind of Android platform call back function detection method based on machine learning method | |
| Demissie et al. | Anflo: Detecting anomalous sensitive information flows in android apps | |
| CN112817877B (en) | Abnormal script detection method and device, computer equipment and storage medium | |
| US20150121508A1 (en) | Method, a computer program and apparatus for analyzing symbols in a computer | |
| Ladisa et al. | Towards the detection of malicious java packages | |
| KR102308477B1 (en) | Method for Generating Information of Malware Which Describes the Attack Charateristics of the Malware | |
| Feichtner et al. | Obfuscation-resilient code recognition in Android apps | |
| CN110287722B (en) | Sensitive permission extraction method for privacy regulation check in iOS application | |
| CN116932381A (en) | Automatic evaluation method for security risk of applet and related equipment | |
| CN114595482A (en) | Software source code privacy detection method and system based on static detection | |
| Sunkari et al. | Protect web applications against SQL Injection attacks using binary evaluation approach | |
| CN113821570B (en) | Data processing method based on block chain and SQL |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |