CN109711149A - Dynamic Updating Mechanism determination method and application Life cycle behavior monitoring method - Google Patents
Dynamic Updating Mechanism determination method and application Life cycle behavior monitoring method Download PDFInfo
- Publication number
- CN109711149A CN109711149A CN201711007283.2A CN201711007283A CN109711149A CN 109711149 A CN109711149 A CN 109711149A CN 201711007283 A CN201711007283 A CN 201711007283A CN 109711149 A CN109711149 A CN 109711149A
- Authority
- CN
- China
- Prior art keywords
- application
- dynamic
- file
- local
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a kind of Dynamic Updating Mechanism determination method, carries out behavioural analysis to application beyond the clouds;By static detection and/or dynamic detection, to judge using with the presence or absence of network connection;When application has network connection, then carries out heat and update judgement and local code load judgement;Heat updates judgement for passing through static detection and/or dynamic detection, to identify using with the presence or absence of dynamic update module;Application whether there is local loading module and without native code library for identification for local code load judgement;If then determining that there are Dynamic Updating Mechanisms for the application using there are dynamic update modules, or in the presence of local loading module and without native code library.The present invention is by updating judgement to network connection and heat, it is identified to be updated to the dynamic of application, and whether discovery application in time has updated bad module, while applied behavior analysis and detection carry out beyond the clouds, occupying system resources are few, do not influence the speed of operating system and application program operation.
Description
Technical field
The invention belongs to terminal device security technology areas, and in particular to a kind of Dynamic Updating Mechanism determination method and application
Life cycle behavior monitoring method.
Background technique
Mobile terminal refers to the computer equipment that can be used on the move, including mobile phone, tablet computer, Pos machine are even
Including vehicle-mounted computer etc..With popularizing for mobile terminal, the application of various application programs is also used widely.
In mobile application to the life of user, work belt to facilitate while, also bring security risk, have plenty of directly
Application implantation malice or bad program by technological means around detection, some application be during installation application do not carry it is any
Bad module is reloaded out after user installation, be made the user's interests are harmed;And as emerging rapidly in large numbersBamboo shoots after a spring rain with types of applications
Online, user selects safety, the cost of good experience application also higher and higher.
Summary of the invention
The technical problem to be solved by the present invention is providing a kind of Dynamic Updating Mechanism determination method and using Life cycle
Behavior monitoring method can update the dynamic of application and identify, and whether discovery application in time has updated bad module, together
When do not influence operating system and application program operation speed.
The technical solution taken by the invention to solve the above technical problem are as follows: a kind of Dynamic Updating Mechanism determination method,
It is characterized by: carrying out behavioural analysis to application beyond the clouds;
Network connection judgement, for passing through static detection and/or dynamic detection, to judge using with the presence or absence of network connection;
When application has network connection, then carries out heat and update judgement and local code load judgement;Wherein, heat updates judgement and uses
In by static detection and/or dynamic detection, apply to identify with the presence or absence of dynamic update module;Local code load judgement is used
In identification application with the presence or absence of local loading module and without native code library;
If then determining described answering using there are dynamic update modules, or in the presence of local loading module and without native code library
With there are Dynamic Updating Mechanisms.
By above-mentioned determination method, the network connection judgement specifically: parse the AndroidManifest.xml of application
File sees whether be configured with: <uses-permission android:name=" android.permission.INTERNET "
></uses-permission>, it is configured with, indicates that the application has network connection, do not configure, indicating the application, there is no nets
Network connection.
By above-mentioned determination method, the heat updates judgement specifically: is preset with and is formed to hot more new frame extracting rule
Feature database;By the file of parsing application, by the characteristic matching in the feature and feature database of the application of parsing, when the institute of parsing
Having has at least one and the rule match in feature database in feature, then judging the application, there are hot update modules.
By above-mentioned determination method, the local code loads judgement specifically: parsing application code sees wherein whether draw
With the method for Classloader Classloader or " loadLibrary " method of System class, and the file of load is not at this
Ground indicates that the application has local loading module and without native code library if meeting above-mentioned condition.
A kind of Dynamic Updating Mechanism decision-making system, it is characterised in that: the system is arranged beyond the clouds, for going to application
For analysis, comprising:
It is connected to the network judgment module, for connecting with the presence or absence of network to judge to apply by static detection and/or dynamic detection
It connects;
Heat updates judgment module, is used for when application has network connection, by static detection and/or dynamic detection, to identify
Using with the presence or absence of dynamic update module;
Local code loads judgment module, for when application has network connection, identification application to be with the presence or absence of local load mould
Block and without native code library;
Dynamic Updating Mechanism determination module, for according to heat update judgment module and local code load judgment module as a result,
If then determining that the application is deposited using there are dynamic update modules, or in the presence of local loading module and without native code library
In Dynamic Updating Mechanism.
By above system, the network connection judgment module is specifically used for parsing application
AndroidManifest.xml file sees whether be configured with <uses-permission android:name="
Android.permission.INTERNET "></uses-permission>, it is configured with, indicates that the application has network connection,
It does not configure, indicating the application, there is no network connections.
By above system, the heat updates judgment module and is formed specifically for being preset with to hot more new frame extracting rule
Feature database;By the file of parsing application, by the characteristic matching in the feature and feature database of the application of parsing, when the institute of parsing
Having has at least one and the rule match in feature database in feature, then judging the application, there are hot update modules.
By above system, the local code load judgment module is specifically used for parsing application code and sees wherein whether draw
With the method for Classloader Classloader or " loadLibrary " method of System class, and the file of load is not at this
Ground indicates that the application has local loading module and without native code library if meeting above-mentioned condition.
A kind of application Life cycle behavior monitoring method, it is characterised in that: it the following steps are included:
It determines monitored object: utilizing the Dynamic Updating Mechanism determination method, obtain that there are Dynamic Updating Mechanisms beyond the clouds
Using as monitored object;
Object monitor: in terminal, monitored object progress network linking data and code module are downloaded by setting hook point
Monitoring obtains the file that the heat of application downloading updates, and is uploaded to cloud;
Hot replacement analysis: beyond the clouds, the file updated to the heat of application downloading is analyzed, and is judged whether there is and is caused to user
Judging result is returned to terminal by the behavior of loss.
By above-mentioned monitoring method, the object monitor specifically: add in the makeDexElememts of DexPathList
Hook point is added to collect information, whether the data catalogue or sdcard catalogue detected in application has newly-increased path, if there is then
It is that heat updates obtained dex file;
So file path that hook point collects load is added in System.load, compares the timestamp and apk file of so file
Set-up time if the difference time is farther out be that heat updates obtained so file.
By above-mentioned monitoring method, the hot replacement analysis specifically: call external scan module to terminal applies in cloud
The file that heat updates carries out dangerous or bad behavior scanning, and terminal is returned result to after the completion of scanning.
By above-mentioned monitoring method, this method is further comprising the steps of: alarm: in terminal, the row that will be caused damages to user
To be shown, while showing existing risk.
The invention has the benefit that updating and carrying out to the dynamic of application by updating judgement to network connection and heat
Identification, and whether discovery application in time has updated bad module, while applied behavior analysis and detection carry out beyond the clouds, occupy system
Resource of uniting is few, does not influence the speed of operating system and application program operation.
Detailed description of the invention
Fig. 1 is the monitoring method flow chart of one embodiment of the invention.
Fig. 2 is the determination method flow chart of one embodiment of the invention.
Specific embodiment
Below with reference to specific example and attached drawing, the present invention will be further described.
The present invention provides a kind of Dynamic Updating Mechanism determination method, as shown in Fig. 2, beyond the clouds to application carry out behavior point
Analysis.
Network connection judgement, for connecting with the presence or absence of network to judge to apply by static detection and/or dynamic detection
It connects.Network connection judgement specifically: the AndroidManifest.xml file for parsing application sees whether be configured with: <uses-
Permission android:name=" android.permission.INTERNET "></uses-permission>, configuration
It then indicates that the application has network connection, does not configure, indicating the application, there is no network connections.
When application has network connection, then carries out heat and update judgement and local code load judgement;Wherein, heat updates and sentences
Break for being applied with the presence or absence of dynamic update module to identify by static detection and/or dynamic detection;Local code load is sentenced
Disconnected application for identification is with the presence or absence of local loading module and without native code library.
Heat updates judgement specifically: is preset with the feature database formed to hot more new frame extracting rule;It is applied by parsing
File, by the characteristic matching in the feature and feature database of the application of parsing, when have in all features of parsing at least one with
Rule match in feature database, then judging the application, there are hot update modules.
The hot more new frame of Ali's cloud is such as applied, the meta-data data in AndroidManifest file, which have, matches
Set relevant information:
<meta-data
android:name=”com.taobao.android.hotfix.IDSECRET”
Android:value=”App ID” />
<meta-data
android:name=”com.taobao.android.hotfix.APPSECRET”
Android:value=”App Secret” />
<meta-data
android:name=”com.taobao.android.hotfix.RSASECRET”
Android:value=" RSA code key "/>
Judge that the hot more new frame for whether applying Ali's cloud is applied just to pass through in parsing AndroidManifest file
Meta-data data see whether match with features described above, if there is this configuration, then it represents that application has heat and updates, and answers without then seeing
Whether matched with other feature with feature database Else Rule.When all features of parsing have one and feature database rule match,
It indicates that application has heat and updates, indicates that hot update module is not present in application when all mismatching.Result is recorded after the completion of analysis.
Others, such as the hot more new frame of Taobao is the API extracted using in dex file, is seen if there is
com.alipay.euler.andfix.AndFix;The hot more new frame of Amigo is the API extracted in dex file, sees whether deposit
In Amigo.workLater (context, patchApkFile, callback), etc..
Local code load judgement specifically: some applications are the more new frames oneself write, and judgment method is parsing application
Code sees " loadLibrary " method of the method or System class that wherein whether refer to Classloader Classloader, and
The file of load indicates that the application has local loading module and without native code library not in local if meeting above-mentioned condition.
If using there are dynamic update modules, or in the presence of local loading module and without native code library, then described in judgement
Application there are Dynamic Updating Mechanisms.
A kind of Dynamic Updating Mechanism decision-making system, which is arranged beyond the clouds, for carrying out behavioural analysis, packet to application
It includes:
It is connected to the network judgment module, for connecting with the presence or absence of network to judge to apply by static detection and/or dynamic detection
It connects.It is connected to the network the AndroidManifest.xml file that judgment module is specifically used for parsing application, see whether be configured with <
uses-permission android:name="android.permission.INTERNET"></uses-permission
>, it is configured with, indicates that the application has network connection, do not configure, indicating the application, there is no network connections.
Heat updates judgment module, for by static detection and/or dynamic detection, coming when application has network connection
Identification application whether there is dynamic update module.Heat updates judgment module and is specifically used for being preset with to hot more new frame extracting rule
The feature database of formation;Through the meta-data data in AndroidManifest file in parsing application, in feature database
Characteristic matching, indicated if with the presence of occurrence the application heat update, if without occurrence, by the other feature of the application with
The Else Rule of feature database is matched, when having at least one and the rule match in feature database in all features of parsing, then
Judging the application, there are hot update modules.
Local code loads judgment module, for when application exists and is connected to the network, identification application to add with the presence or absence of local
Carry module and without native code library.Local code load judgment module is specifically used for parsing application code and sees wherein whether refer to
The method of Classloader Classloader or " loadLibrary " method of System class, and the file of load is in local,
Indicate that the application has local loading module and without native code library if meeting above-mentioned condition.
Dynamic Updating Mechanism determination module, for updating the knot of judgment module and local code load judgment module according to heat
Fruit, if using there are dynamic update modules, or in the presence of local loading module and without native code library, then determine the application
There are Dynamic Updating Mechanisms.
A kind of application Life cycle behavior monitoring method, as shown in Figure 1, it the following steps are included:
S01, it determines monitored object: utilizing above-mentioned Dynamic Updating Mechanism determination method, obtain that there are Dynamic Updating Mechanisms beyond the clouds
Application, as monitored object.
S02, object monitor: in terminal, network linking data and code mould are carried out to monitored object by setting hook point
The monitoring of block downloading obtains the file that the heat of application downloading updates, and is uploaded to cloud.It is to monitor Tencent's tinker framework
Example, can the hot dex or so file updated of Dynamical capture application.Object monitor specifically: DexPathList's
MakeDexElememts adds hook point and collects information, and whether the data catalogue or sdcard catalogue detected in application has newly
The path of increasing, if there is then it is that heat updates obtained dex file;Hook point is added in System.load collects load
So file path, compare so file timestamp and apk file set-up time, if difference the time farther out, be heat more
So file newly obtained.
S03, hot replacement analysis: beyond the clouds, the file updated to the heat of application downloading is analyzed, and is judged whether there is pair
Judging result is returned to terminal by the behavior that user causes damages.Hot replacement analysis specifically: call external scan module in cloud
Dangerous or bad behavior scanning is carried out to the file that terminal applies heat updates, terminal is returned result to after the completion of scanning.
This method is further comprising the steps of: S04, alarm: in terminal, the behavior that user causes damages will be shown,
Existing risk is shown simultaneously.It can be shown with the mode for playing frame, be unsafe acts to the behavior that user causes damages
Or bad behavior.
Core of the invention is: if application there is network connection and apply hot more new frame or containing local load and
No native code library then can primitive decision apply exist dynamic update.Wherein judge to apply and whether applies hot more new frame and this
Ground load and the method without native code library, including static and two kinds of detection modes of dynamic, as static state can be special by parsing application
Sign sees the executable file whether seen with feature database rule match or parsing code with the presence or absence of the outside kind loading method load.
The method of dex file or so file that capture heat updates, and be not limited only to for different hot more new frames in corresponding key
Point setting hock collects information, captures the file that heat updates.Calling the detection of external scan module, there are dangerous or bad behaviors
Code module.
The malice or bad code module that the present invention at the first time can newly load the application containing Dynamic Updating Mechanism
User is detected and be prompted to, user is prompted to;Meanwhile applied behavior analysis and detection carry out beyond the clouds, occupying system resources are few,
The speed of operating system and application program operation is not influenced.
Above description has shown and described several embodiments of the invention, but as previously described, it should be understood that the present invention is not
It is confined to form disclosed herein, should not be regarded as an exclusion of other examples, and can be used for various other combinations, modification
And environment, and can be carried out within that scope of the inventive concept describe herein by the above teachings or related fields of technology or knowledge
Change.And changes and modifications made by those skilled in the art do not depart from the spirit and scope of the present invention, then it all should be in institute of the present invention
In attached scope of protection of the claims.
Claims (12)
1. a kind of Dynamic Updating Mechanism determination method, it is characterised in that: carry out behavioural analysis to application beyond the clouds;
Network connection judgement, for passing through static detection and/or dynamic detection, to judge using with the presence or absence of network connection;
When application has network connection, then carries out heat and update judgement and local code load judgement;Wherein, heat updates judgement and uses
In by static detection and/or dynamic detection, apply to identify with the presence or absence of dynamic update module;Local code load judgement is used
In identification application with the presence or absence of local loading module and without native code library;
If then determining described answering using there are dynamic update modules, or in the presence of local loading module and without native code library
With there are Dynamic Updating Mechanisms.
2. Dynamic Updating Mechanism determination method according to claim 1, it is characterised in that: the network connection judges tool
Body are as follows: the AndroidManifest.xml file for parsing application sees whether be configured with: <uses-permission android:
Name=" android.permission.INTERNET "></uses- permission>, it is configured with, indicates that the application has net
Network connection, does not configure, and indicating the application, there is no network connections.
3. Dynamic Updating Mechanism determination method according to claim 1, it is characterised in that: it is specific that the heat updates judgement
Are as follows: it is preset with the feature database formed to hot more new frame extracting rule;By the file of parsing application, by the spy of the application of parsing
Sign is then sentenced with the characteristic matching in feature database when having at least one and the rule match in feature database in all features of parsing
Breaking, there are hot update modules for the application.
4. Dynamic Updating Mechanism determination method according to claim 1, it is characterised in that: the local code load is sentenced
It is disconnected specifically: parsing application code sees the method or System class for wherein whether referring to Classloader Classloader
" loadLibrary " method, and the file of load indicates that the application has local load mould not in local if meeting above-mentioned condition
Block and without native code library.
5. a kind of Dynamic Updating Mechanism decision-making system, it is characterised in that: the system is arranged beyond the clouds, for using carry out behavior
Analysis, comprising:
It is connected to the network judgment module, for connecting with the presence or absence of network to judge to apply by static detection and/or dynamic detection
It connects;
Heat updates judgment module, is used for when application has network connection, by static detection and/or dynamic detection, to identify
Using with the presence or absence of dynamic update module;
Local code loads judgment module, for when application has network connection, identification application to be with the presence or absence of local load mould
Block and without native code library;
Dynamic Updating Mechanism determination module, for according to heat update judgment module and local code load judgment module as a result,
If then determining that the application is deposited using there are dynamic update modules, or in the presence of local loading module and without native code library
In Dynamic Updating Mechanism.
6. Dynamic Updating Mechanism decision-making system according to claim 5, it is characterised in that: the network connection judges mould
Block is specifically used for the AndroidManifest.xml file of parsing application, sees whether be configured with: <uses-permission
Android:name=" android.permission.INTERNET "></uses- permission>, being configured with then indicates to be somebody's turn to do
It using there is network connection, does not configure, indicating the application, there is no network connections.
7. Dynamic Updating Mechanism decision-making system according to claim 5, it is characterised in that: the heat updates judgment module
Specifically for being preset with the feature database formed to hot more new frame extracting rule;By the file of parsing application, by answering for parsing
Characteristic matching in feature and feature database, when have in all features of parsing at least one and in feature database rule
Match, then judging the application, there are hot update modules.
8. Dynamic Updating Mechanism decision-making system according to claim 5, it is characterised in that: the local code load is sentenced
Disconnected module is specifically used for parsing application code sees the method or System class for wherein whether referring to Classloader Classloader
" loadLibrary " method, and the file of load indicates that the application has local load not in local if meeting above-mentioned condition
Module and without native code library.
9. a kind of application Life cycle behavior monitoring method, it is characterised in that: it the following steps are included:
Determine monitored object: using Dynamic Updating Mechanism determination method described in any one of Claims 1-4 4, beyond the clouds
The application there are Dynamic Updating Mechanism is obtained, as monitored object;
Object monitor: in terminal, monitored object progress network linking data and code module are downloaded by setting hook point
Monitoring obtains the file that the heat of application downloading updates, and is uploaded to cloud;
Hot replacement analysis: beyond the clouds, the file updated to the heat of application downloading is analyzed, and is judged whether there is and is caused to user
Judging result is returned to terminal by the behavior of loss.
10. application Life cycle behavior monitoring method according to claim 9, it is characterised in that: the object prison
Control specifically: collect information in the makeDexElememts addition hook point of DexPathList, detect the data mesh in application
Whether record or sdcard catalogue have newly-increased path, if there is then it is that heat updates obtained dex file;
So file path that hook point collects load is added in System.load, compares the timestamp and apk file of so file
Set-up time if the difference time is farther out be that heat updates obtained so file.
11. application Life cycle behavior monitoring method according to claim 9, it is characterised in that: the heat updates
Analysis specifically: call external scan module to carry out dangerous or bad behavior to the file that terminal applies heat updates and sweep in cloud
It retouches, terminal is returned result to after the completion of scanning.
12. application Life cycle behavior monitoring method according to claim 9, it is characterised in that: this method further includes
Following steps: alarm: in terminal, will be shown the behavior that user causes damages, while show existing risk.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711007283.2A CN109711149B (en) | 2017-10-25 | 2017-10-25 | Dynamic updating mechanism judging method and application full life cycle behavior monitoring method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711007283.2A CN109711149B (en) | 2017-10-25 | 2017-10-25 | Dynamic updating mechanism judging method and application full life cycle behavior monitoring method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109711149A true CN109711149A (en) | 2019-05-03 |
| CN109711149B CN109711149B (en) | 2020-11-24 |
Family
ID=66252454
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711007283.2A Active CN109711149B (en) | 2017-10-25 | 2017-10-25 | Dynamic updating mechanism judging method and application full life cycle behavior monitoring method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109711149B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111221563A (en) * | 2020-01-13 | 2020-06-02 | 上海博泰悦臻网络技术服务有限公司 | Application management method and system |
| CN111897559A (en) * | 2020-08-06 | 2020-11-06 | 厦门美图之家科技有限公司 | Hot update code detection method and device, electronic equipment and storage medium |
| CN112068875A (en) * | 2020-08-04 | 2020-12-11 | 广州太平洋电脑信息咨询有限公司 | System and method for realizing thread filtering strategy based on java dynamic loading |
| CN112434287A (en) * | 2020-11-20 | 2021-03-02 | 西安四叶草信息技术有限公司 | Method, device and equipment for detecting Hook and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8713554B1 (en) * | 2012-09-14 | 2014-04-29 | Emc Corporation | Automated hotfix handling model |
| CN106709337A (en) * | 2015-11-18 | 2017-05-24 | 中兴通讯股份有限公司 | Malicious bundled software processing method and apparatus |
-
2017
- 2017-10-25 CN CN201711007283.2A patent/CN109711149B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8713554B1 (en) * | 2012-09-14 | 2014-04-29 | Emc Corporation | Automated hotfix handling model |
| CN106709337A (en) * | 2015-11-18 | 2017-05-24 | 中兴通讯股份有限公司 | Malicious bundled software processing method and apparatus |
Non-Patent Citations (2)
| Title |
|---|
| XIANGZHIHONG8: "阿里SopHix热修复框架接入(https://blog.csdn.net/xiangzhihong8/article/details/77562848)", 《CSDN》 * |
| 子扬: "Android热更新开源项目Tinker源码解析系列之三:so热更新(https://www.cnblogs.com/yyangblog/p/6252855.html)", 《博客园》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111221563A (en) * | 2020-01-13 | 2020-06-02 | 上海博泰悦臻网络技术服务有限公司 | Application management method and system |
| CN112068875A (en) * | 2020-08-04 | 2020-12-11 | 广州太平洋电脑信息咨询有限公司 | System and method for realizing thread filtering strategy based on java dynamic loading |
| CN112068875B (en) * | 2020-08-04 | 2024-05-17 | 广州太平洋电脑信息咨询有限公司 | System and method for realizing thread filtering strategy based on java dynamic loading |
| CN111897559A (en) * | 2020-08-06 | 2020-11-06 | 厦门美图之家科技有限公司 | Hot update code detection method and device, electronic equipment and storage medium |
| CN111897559B (en) * | 2020-08-06 | 2022-08-26 | 厦门美图之家科技有限公司 | Hot update code detection method and device, electronic equipment and storage medium |
| CN112434287A (en) * | 2020-11-20 | 2021-03-02 | 西安四叶草信息技术有限公司 | Method, device and equipment for detecting Hook and storage medium |
| CN112434287B (en) * | 2020-11-20 | 2024-04-02 | 西安四叶草信息技术有限公司 | Method, device, equipment and storage medium for detecting Hook |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109711149B (en) | 2020-11-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10868818B1 (en) | Systems and methods for generation of signature generation using interactive infection visualizations | |
| CN107566358B (en) | Risk early warning prompting method, device, medium and equipment | |
| Xu et al. | Iccdetector: Icc-based malware detection on android | |
| US9773112B1 (en) | Exploit detection of malware and malware families | |
| CN104767757B (en) | Various dimensions safety monitoring method and system based on WEB service | |
| CN109711149A (en) | Dynamic Updating Mechanism determination method and application Life cycle behavior monitoring method | |
| CN109635523B (en) | Application program detection method and device and computer readable storage medium | |
| CN103679031B (en) | A kind of immune method and apparatus of file virus | |
| CN109711171A (en) | Localization method and device, system, storage medium, the electronic device of software vulnerability | |
| US8661543B2 (en) | Mobile terminal having security diagnosis functionality and method of making diagnosis on security of mobile terminal | |
| KR20190067542A (en) | Computing apparatus and method thereof robust to encryption exploit | |
| CN107634931A (en) | Processing method, cloud server, gateway and the terminal of abnormal data | |
| CN104715195A (en) | Malicious code detecting system and method based on dynamic instrumentation | |
| JP4773478B2 (en) | Risk level analysis apparatus and risk level analysis method | |
| CN105306467B (en) | The analysis method and device that web data is distorted | |
| WO2017071148A1 (en) | Cloud computing platform-based intelligent defense system | |
| CN108009424A (en) | Virus behavior detection method, apparatus and system | |
| CN104809397A (en) | Android malicious software detection method and system based on dynamic monitoring | |
| CN109726601A (en) | The recognition methods of unlawful practice and device, storage medium, computer equipment | |
| CN105354494A (en) | Detection method and apparatus for web page data tampering | |
| CN112395597A (en) | Method and device for detecting website application vulnerability attack and storage medium | |
| CN105095753A (en) | Broadcast safe detection method and device | |
| CN106203111A (en) | Method and device for preventing clipboard data from being modified and terminal equipment | |
| KR101657667B1 (en) | Malicious app categorization apparatus and malicious app categorization method | |
| CN111371581A (en) | Method, device, equipment and medium for detecting business abnormity of Internet of things card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |