CN110413871A - Using recommended method, device and electronic equipment - Google Patents
Using recommended method, device and electronic equipment Download PDFInfo
- Publication number
- CN110413871A CN110413871A CN201811550753.4A CN201811550753A CN110413871A CN 110413871 A CN110413871 A CN 110413871A CN 201811550753 A CN201811550753 A CN 201811550753A CN 110413871 A CN110413871 A CN 110413871A
- Authority
- CN
- China
- Prior art keywords
- application
- icon
- security
- value
- similarity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The embodiment of the present application provides a kind of application recommended method, device and electronic equipment.This method comprises: determining the characteristic value of the icon of malicious application for malicious application;According to the characteristic value of the icon of the characteristic value of the icon of malicious application and multiple security applications, the same or similar each security application of the icon of icon and malicious application, the security application as each candidate are determined;Based on the security application of each candidate, recommend security application.The embodiment of the present application realizes recommendation security application similar with the icon of malicious application to user, it meets the needs of users, the probability that malicious application is downloaded in the intelligent terminal for being installed to user is greatly reduced, can reduce the probability that smart machine is invaded by malicious application.Moreover, effectively hitting the malicious application obtained by counterfeit security application, the equity of the developer of effective protection security application using the embodiment of the present application.
Description
Technical field
This application involves computer software technical fields, specifically, the present invention relates to a kind of application recommended methods, device
And electronic equipment.
Background technique
Currently, the smart machines such as smart phone, tablet computer, intelligent wearable device and two-in-one computer are general extensively
And.A large amount of application is often installed, to meet the various demands of user in smart machine.However, malicious application is gushed
Now the various security risks such as leakage of private information are brought to smart machine.
In order to reduce malicious application bring security risk, having a kind of application recommended method at present is by checking that malice is answered
It is whether identical with packet name or application name and security application, packet name or application name malicious application identical with security application if it exists,
The then security application different from malicious application to user's recommendation packet name or application name.
However, the inventors of the present application found that applying recommended method using existing, it is difficult to reduce malicious application and be mounted
Probability into smart machine causes to be difficult to decrease the probability that smart machine is invaded by malicious application.
Summary of the invention
This application provides a kind of application recommended method, device, electronic equipment and computer readable storage mediums, can solve
The problem of being certainly difficult to decrease the probability that malicious application is mounted in smart machine.Technical solution is as follows:
In a first aspect, providing a kind of using recommended method, comprising:
For malicious application, the characteristic value of the icon of malicious application is determined;
According to the characteristic value of the icon of the characteristic value of the icon of malicious application and multiple security applications, determines icon and dislike
The same or similar each security application of icon of meaning application, the security application as each candidate;
Based on the security application of each candidate, recommend security application.
Optionally, it according to the characteristic value of the icon of the characteristic value of the icon of malicious application and multiple security applications, determines
Icon and the same or similar each security application of the icon of malicious application, comprising:
Determine the fisrt feature of the icon of the First Eigenvalue and malicious application of the icon of each security application in security vault
The first similarity value between value;The characteristic value of icon includes the First Eigenvalue of icon;
When the first similarity value threshold value complete less than or equal to the first similarity, the icon and malice of security application are determined
The icon of application is same or similar;
When the first similarity value is greater than the first similarity partial threshold, the icon and malicious application of security application are determined
Icon is not identical and dissimilar.
Optionally it is determined that in security vault the icon of the First Eigenvalue and malicious application of the icon of each security application
The first similarity value between one characteristic value, comprising:
The graphic feature value of the icon of each security application is obtained from security vault;The First Eigenvalue includes graphic feature
Value;
The every character for each graphic feature value that will acquire, every word with the graphic feature value of the icon of malicious application
Symbol compares, and obtains the number of the different position of character, as the first similarity value;
Graphic feature value includes one in perceptual hash value, average value cryptographic Hash, difference value cryptographic Hash and small echo cryptographic Hash
Kind.
Optionally, it according to the characteristic value of the icon of the characteristic value of the icon of malicious application and multiple security applications, determines
Icon and the same or similar each security application of the icon of malicious application, further includes:
When the first similarity value is greater than the complete threshold value of the first similarity and the first similarity value is not more than the first similarity portion
When dividing threshold value, determine between the Second Eigenvalue of the icon of each security application and the Second Eigenvalue of the icon of malicious application
Second similarity value;The characteristic value of icon includes the Second Eigenvalue of icon;
When the second similarity value is greater than the second similarity threshold, the icon of security application and the icon of malicious application are determined
It is same or similar;
When the second similarity value is less than or equal to the second similarity threshold, the icon and malicious application of security application are determined
Icon it is not identical and dissimilar.
Optionally it is determined that the Second Eigenvalue of the icon of the Second Eigenvalue and malicious application of the icon of each security application
Between the second similarity value before, further includes:
The icon of each security application is obtained from security vault;
Determine the Second Eigenvalue of the Second Eigenvalue of the icon of each security application and the icon of malicious application;
Second Eigenvalue includes picture global description.
Optionally, the security application based on each candidate recommends security application, comprising:
According to the application message of the security application of candidate each in security vault, security application to be recommended is determined, and carry out
Recommend.
Optionally, according to the application message of the security application of candidate each in security vault, security application to be recommended is determined,
Include:
According at least one of following of the security application of candidate each in security vault, security application to be recommended is determined: most
Maximum positive rating, packet name identical with malicious application, highest download in small the First Eigenvalue, evaluation information.
Optionally it is determined that further including being formed by the following method security vault out before the characteristic value of the icon of malicious application:
Obtain icon, certificate, packet name, download and the evaluation information of multiple security applications;
Determine the characteristic value of the icon of each security application;
By the icon of each security application, certificate, packet name, download, evaluation information and characteristic value corresponding record, peace is formed
Quan Ku.
Second aspect provides a kind of using recommendation apparatus, comprising:
Icon similarity detection module, for determining the characteristic value of the icon of the malicious application for malicious application;
According to the characteristic value of the icon of the characteristic value of the icon of the malicious application and multiple security applications, icon and the evil are determined
The same or similar each security application of icon of meaning application, the security application as each candidate;
Decision-making module recommends security application for the security application based on each candidate.
Optionally, icon similarity detection module is specifically used for determining first of the icon of each security application in security vault
The first similarity value between the First Eigenvalue of the icon of characteristic value and malicious application;The characteristic value of icon includes the of icon
One characteristic value;When the first similarity value threshold value complete less than or equal to the first similarity, the icon and evil of security application are determined
The icon applied of anticipating is same or similar;When the first similarity value is greater than the first similarity partial threshold, security application is determined
Icon and the icon of malicious application be not identical and dissimilar.
Optionally, icon similarity detection module is specifically used for obtaining the figure of the icon of each security application from security vault
Shape characteristic value;The First Eigenvalue includes graphic feature value;The every character for each graphic feature value that will acquire, with malicious application
Every character of graphic feature value of icon compare, the number of the different position of character is obtained, as the first similarity value;
Graphic feature value includes one of perceptual hash value, average value cryptographic Hash, difference value cryptographic Hash and small echo cryptographic Hash.
Optionally, icon similarity detection module be also used to when the first similarity value be greater than the complete threshold value of the first similarity,
And first similarity value when being not more than the first similarity partial threshold, determine the Second Eigenvalue of the icon of each security application with
The second similarity value between the Second Eigenvalue of the icon of malicious application;The characteristic value of icon includes the second feature of icon
Value;When the second similarity value is greater than the second similarity threshold, the icon for determining security application is identical as the icon of malicious application
Or it is similar;When the second similarity value is less than or equal to the second similarity threshold, the icon and malicious application of security application are determined
Icon it is not identical and dissimilar.
Optionally, icon similarity detection module be also used to the Second Eigenvalue that determines the icon of each security application with
Before the second similarity value between the Second Eigenvalue of the icon of malicious application, each security application is obtained from security vault
Icon;Determine the Second Eigenvalue of the Second Eigenvalue of the icon of each security application and the icon of malicious application;Second is special
Value indicative includes picture global description.
Optionally, decision-making module is specifically used for the application message of the security application according to candidate each in security vault, determines
Security application to be recommended, and recommended.
Optionally, decision-making module be specifically used for according to the security application of candidate each in security vault it is following at least one, really
Make security application to be recommended: maximum positive rating in the smallest the First Eigenvalue, evaluation information, identical with malicious application
Packet name, highest download.
Optionally, the application recommendation apparatus of the embodiment of the present application, further includes: security vault maintenance module.
Security vault maintenance module is used to obtain icon, certificate, packet name, download and the evaluation information of multiple security applications;
Determine the characteristic value of the icon of each security application;By the icon of each security application, certificate, packet name, download, evaluation letter
Breath and characteristic value corresponding record form security vault.
The third aspect provides a kind of electronic equipment, which includes:
Processor, memory and bus;
Bus, for connecting processor and memory;
Memory, for storing operational order;
Processor executes the application recommended method of any one of above-mentioned first aspect for instructing by call operation.
Fourth aspect, provides a kind of computer readable storage medium, and storage medium is stored at least one instruction, at least
One Duan Chengxu, code set or instruction set, at least one instruction, an at least Duan Chengxu, code set or instruction set are loaded by processor
And the application recommended method executed to realize any one such as first aspect.
Technical solution provided by the embodiments of the present application has the benefit that
In the embodiment of the present application, the same or similar security application of the icon of icon and malicious application is determined, to user
Recommend, since the icon of the security application of recommendation and the icon of malicious application are same or similar, meets user to the icon of application
Understanding habit so that user be easy receive these security applications, greatly improve the recommendation efficiency of security application;Moreover, with
Why family may select a certain malicious application, and often to certain functions in malicious application, there are demands, and icon is similar
Application between often have the same or similar function, the security application of recommendation often has same or similar with malicious application
Function, malicious application can be substituted and met the needs of users;Therefore it after user has downloaded the security application recommended, does not move
Machine goes to download corresponding malicious application again, greatly reduce malicious application be downloaded it is several in the intelligent terminal for being installed to user
Rate can reduce the probability that smart machine is invaded by malicious application.
Moreover, effectively hitting the malicious application obtained by counterfeit security application using the embodiment of the present application, effectively protect
Protect the equity of the developer of security application.
Optionally, in the embodiment of the present application, the First Eigenvalue and the relevant calculation amount of the first similarity value are smaller, calculate speed
Degree is very fast, and the complete threshold value of suitable first similarity and the first similarity partial threshold is arranged, can be based on enough confidence levels
Relatively accurately just sift out similar or dissimilar icon;It is remaining for primary dcreening operation in it is similar with it is dissimilar between icon,
It is finely determined using Second Eigenvalue and the second similarity value, accurately determines out the icon and malicious application of security application
Icon it is whether similar.Therefore, accurate similarity can be obtained in the case where guaranteeing calculating speed with higher
Testing result.
Optionally, in the embodiment of the present application, the First Eigenvalue occupancy memory space is smaller, is stored directly in security vault, can
By quick calling;Second Eigenvalue occupies that memory space is larger and can not necessarily be used, therefore uses and calculate in real time
Mode obtains Second Eigenvalue;Good balance is achieved between memory space and calculating speed.
Detailed description of the invention
In order to more clearly explain the technical solutions in the embodiments of the present application, institute in being described below to the embodiment of the present application
Attached drawing to be used is needed to be briefly described.
Fig. 1 is a kind of configuration diagram using recommender system that the application one embodiment provides;
Fig. 2 is the flow diagram for the method that a kind of application that another embodiment of the application provides is recommended;
Fig. 3 is security vault maintenance module in the electronic equipment that provides of another embodiment of the application, the inspection of icon similarity
Survey the relation schematic diagram between module and decision-making module;
Fig. 4 is the schematic illustration for the formation security vault that another embodiment of the application provides;
Fig. 5 is the flow diagram using recommended method based on security vault that another embodiment of the application provides;
Fig. 6 is the principle signal of a special case of the icon characteristics value similarity detection that another embodiment of the application provides
Figure;
Fig. 7 is the schematic illustration for the optimum selecting security application that another embodiment of the application provides;
Fig. 8 is the schematic illustration of a special case provided by the embodiments of the present application for recommending security application;
Fig. 9 is the structural schematic diagram for a kind of electronic equipment that another embodiment of the application provides.
Specific embodiment
Embodiments herein is described below in detail, examples of the embodiments are shown in the accompanying drawings, wherein from beginning to end
Same or similar label indicates same or similar element or element with the same or similar functions.Below with reference to attached
The embodiment of figure description is exemplary, and is only used for explaining the application, and is not construed as limiting the claims.
Those skilled in the art of the present technique are appreciated that unless expressly stated, singular " one " used herein, " one
It is a ", " described " and "the" may also comprise plural form.It is to be further understood that being arranged used in the description of the present application
Diction " comprising " refer to that there are the feature, integer, step, operation, element and/or component, but it is not excluded that in the presence of or addition
Other one or more features, integer, step, operation, element, component and/or their group.It should be understood that when we claim member
Part is " connected " or when " coupled " to another element, it can be directly connected or coupled to other elements, or there may also be
Intermediary element.In addition, " connection " used herein or " coupling " may include being wirelessly connected or wirelessly coupling.It is used herein to arrange
Diction "and/or" includes one or more associated wholes for listing item or any cell and all combinations.
To keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with attached drawing to the application embodiment party
Formula is described in further detail.
First to this application involves several nouns be introduced and explain:
Android application: for the application program of Google (Google) open source mobile phone operating system exploitation.
Malicious application: the black Android application produced by beating again the technologies such as packet, title are counterfeit or icon is similar generation, induction are used
Family downloading installation, the application for causing the loss of user mobile phone rate, interference handset system to operate normally.
Phash: the picture feature value that perceptual hash (Hash) algorithm obtains is one 64 01 character strings.
GIST feature: picture global description is the floating number array of one 690 dimension.
Packet name: application ID (IDentification, mark), can unique identification application, each answer on same Android system
Packet name is all different.
Present inventor has found that malicious application not necessarily has the same packet name and application with security application after study
Name;It beats again packet for example, malicious application may be by being implanted into security application after malicious code and is formed, the packet name of malicious application
It can be different from security application with application name.Therefore, recommended method is applied using existing, recommends packet name or application name to user
The security application different from malicious application can not prevent packet name or the different Malware of application name recommended at all, be easy to lead
Family selection downloading of applying installs these Malwares to intelligent terminal, and intelligent terminal is caused to be invaded by Malware.
Present inventor also found exist and carry out according to user behavior data using the method recommended, however believing
Under the overall situation for ceasing safeguard protection, a large amount of user behavior data information is needed to be possible to determine to be more conform with user demand
Security application, obtain more accurately recommendation effect, exist be difficult to meet user demand cause the accuracy recommended low or
Person needs to rely on a large amount of user behavior data and leads to the defect of inefficiency.
Present inventor also found exist and carry out according to the keyword of user's input using the method recommended, however
Malicious application is in order to escape antivirus software killing, it will usually obscure character string etc. (such as application name) information;In addition, from malice
Application fetches key technology difficulty is larger, it is difficult to exclude malicious application by keyword;Lead to that malicious application still can be recommended.
Present inventor continues the study found that on the one hand, the cognition habit of user is usually to print to the icon of application
As deep, once user prefers to some application, installation application is downloaded generally according to the icon of the application, malicious application is opened
Originator will not usually have larger change for preferable communication effect to icon.Recommend safety by the same or similar icon
Using with certain stability.Meanwhile security application identical with malicious application icon is easier to be easily accepted by a user.Another party
Face, user have downloaded a certain application, illustrate that user has certain use demand to the application, therefore recommend the figure with malicious application
User demand can be met by marking the same or similar alternative security application, improve user experience.
Application recommended method, device, electronic equipment and computer readable storage medium provided by the present application, it is intended to solve existing
There is the technical problem as above of technology.
How the technical solution of the application and the technical solution of the application are solved with specifically embodiment below above-mentioned
Technical problem is described in detail.These specific embodiments can be combined with each other below, for the same or similar concept
Or process may repeat no more in certain embodiments.Below in conjunction with attached drawing, embodiments herein is described.
One embodiment of the application provide it is a kind of using recommender system, as shown in Figure 1, the system includes: multiple ends
End equipment, electronic equipment and application server.
Terminal device is electrically connected by network with electronic equipment, and application server is electrically connected by network with electronic equipment.
Network in the embodiment of the present application may include at least one of internet and mobile communications network;Internet may include office
Domain net.
Terminal device has networking, input and output and display function, such as terminal device can be smart phone, plate electricity
Brain or two-in-one apparatus such as computer.Optionally, terminal device is with ARM (Advanced Reduced instruction
Set computer Machine, advanced Reduced Instruction Set Computer equipment) framework equipment.
Terminal device can also access network by mobile communications network by LAN optimization network.
For example, terminal device can be interconnected by WiFi (Wireless Fidelity, Wireless Fidelity) LAN optimization
Net.
For another example, terminal device can by 3G (3rd-Generation wireless telephone technology,
Third generation mobile communication technology), the mobile communications networks access interconnection such as LTE (Long Term Evolution, long term evolution)
Net.
Electronic equipment may include at least one of single server, server cluster and distributed server.
Electronic equipment can access network in a wired manner.For example, electronic equipment passes through the wide of intelligent acess internet
Domain net or backbone network.
Application server can access network in a wired manner.
Optionally, in the application recommender system of the embodiment of the present application, application server is used for through programs such as spider crawlers
Diversified application installation package and application message are obtained from each application shop and application distribution platform etc., application message includes answering
Icon, certificate, packet name, download and evaluation information etc.;And safety detection scanning is carried out to the rescue bag of application, it determines
Security application and malicious application.Application in the application includes Android application.
Electronic equipment is used to implement the application recommended method of the subsequent offer of the application, recommends security application, sets for each terminal
The information for future reference ask, download or show recommended security application, or recommended security application is downloaded for each terminal device,
Specific method is introduced in subsequent detailed annotation, is not repeated herein.
The application another embodiment provides for a kind of application recommend method, the flow diagram of this method such as Fig. 2
It is shown, this method comprises:
S201: for malicious application, the characteristic value of the icon of malicious application is determined.
S202: according to the characteristic value of the icon of the characteristic value of the icon of malicious application and multiple security applications, figure is determined
The same or similar each security application of icon of mark and malicious application, the security application as each candidate.
S203: the security application based on each candidate recommends security application.
In the embodiment of the present application, the same or similar security application of the icon of icon and malicious application is determined, to user
Recommend, since the icon of the security application of recommendation and the icon of malicious application are same or similar, meets user to the icon of application
Understanding habit so that user be easy receive these security applications, greatly improve the recommendation efficiency of security application;Moreover, with
Why family may select a certain malicious application, and often to certain functions in malicious application, there are demands, and icon is similar
Application between often have the same or similar function, the security application of recommendation often has same or similar with malicious application
Function, malicious application can be substituted and met the needs of users;Therefore it after user has downloaded the security application recommended, does not move
Machine goes to download corresponding malicious application again, greatly reduce malicious application be downloaded it is several in the intelligent terminal for being installed to user
Rate can reduce the probability that smart machine is invaded by malicious application.
In addition, effectively hitting the malicious application obtained by counterfeit security application using the embodiment of the present application, effectively protect
Protect the equity of the developer of security application.
Another embodiment of the application provides a kind of application recommended method of extension, which applies recommendation side
Method, comprising: the forming method of security vault and the application recommended method based on security vault.
It optionally, mainly include security vault maintenance module, icon similarity detection module and decision-making module in electronic equipment.
These three module relationships are as shown in Figure 3.Firstly, security vault maintenance module can extract packet name, icon, using retouching from security application
It the information such as states, and icon similarity detection module is called to generate the characteristic values of the icons such as phash (perceptual hash) value.When having
When new malicious application, icon similarity detection module is by the similarity in icon and security vault between icon calculation icon, just
Step sifts out the higher security application of icon similarity.Then, decision-making module is believed according to icon similarity, using download and evaluation
Breath etc. recommends optimal security application.
Optionally, in the embodiment of the present application, the forming method of security vault includes: that electronic equipment obtains multiple security applications
Icon, certificate, packet name, download and evaluation information;Determine the characteristic value of the icon of each security application;Each safety is answered
Icon, certificate, packet name, download, evaluation information and characteristic value corresponding record form security vault.Evaluation information includes
Comment at least one of rate and scoring.The characteristic value of icon includes the First Eigenvalue of icon, and the First Eigenvalue includes figure spy
Value indicative, graphic feature value include phash (perceptual hash) value, ahash (average value Hash) value, dhash (difference value Hash) value
One of with small echo hash (Hash) value.
Specifically, as shown in figure 4, the safety that the security vault maintenance module in electronic equipment is chosen Jing Guo safety detection is answered
With downloading security application file extracts the application messages such as icon, the packet name of each security application, calls the detection of icon similarity
The phash value of module calculation icon obtains the application messages such as the positive rating for being originated from downloading channel and download.Security vault safeguards mould
The records of all security applications is constituted security vault by block, a record include security application, the certificate of security application, packet name, under
Carrying capacity, evaluation information and icon phash value.
The method that security vault maintenance module in electronic equipment extracts application message includes: to be provided using Google (Google)
Aapt (Android Asset Packaging Tool, Android resource strapping tool) can until application certificate, packet name
Etc. information.From the positive rating (0~1 numerical value) in the evaluation information that the downloading channel of downloading security application obtains application or comment
Point, the information such as download.
It includes: to decompress application that security vault maintenance module in electronic equipment, which extracts application drawing calibration method, decompiling
AndroidManifest.xml file obtains icon path, then finds icon text according to path from the file of decompression
Part.
The application recommended method based on security vault is described below, the flow diagram of this method is as shown in figure 5, include following
Step:
S501: electronic equipment determines the First Eigenvalue of the icon of malicious application for malicious application.
Optionally, electronic equipment extracts the icon of malicious application, calculates the First Eigenvalue of the icon of malicious application.
The First Eigenvalue includes graphic feature value.Graphic feature value includes in phash value, ahash value, dhash value and small echo hash value
One kind.
For example, as shown in fig. 6, the icon similarity detection module in electronic equipment extracts icon and the calculating of malicious application
The phash value of the icon.Phash is calculated: electronic equipment uses phash algorithm, and the phash value of calculation icon generates 64 bit lengths
String of binary characters.
S502: electronic equipment determines the figure of the First Eigenvalue of the icon of each security application and malicious application in security vault
The first similarity value between target the First Eigenvalue;The characteristic value of icon includes the First Eigenvalue of icon, is executed later
S503, S504 or S505.
Optionally, electronic equipment obtains the graphic feature value of the icon of each security application from security vault;Fisrt feature
Value includes graphic feature value.Graphic feature value includes one of phash value, ahash value, dhash value and small echo hash value.
The every character for each graphic feature value that electronic equipment will acquire, the graphic feature value with the icon of malicious application
Every character compare, the number of the different position of character is obtained, as the first similarity value.
For example, as shown in fig. 6, the icon similarity detection module in electronic equipment takes a record (middle peace in security vault
The icon applied entirely) phash value, calculate (icon of the phash value and malicious application of the icon of security application) phash
(first between value) similarity value sim_phash.Phash similarity calculating method: pressing bit comparison for two phash values, if
Number in corresponding position is not identical, then the number of the different position of number is denoted as sim_phash, and sim_phash value is smaller more
It is similar.
S503: when the first similarity value threshold value complete less than or equal to the first similarity, electronic equipment determines that safety is answered
Icon and the icon of malicious application are same or similar, using the same or similar each security application of icon as the peace of each candidate
Full application.
For example, the complete threshold value of the first similarity is specially p_ as shown in fig. 6, the first similarity value is specially sim_phash
Threshold_sim_full, when (i.e. the first similarity value is less than or waits sim_phash≤p_threshold_sim_full
In the complete threshold value of the first similarity) when, electronic equipment determines that the icon of security application is similar to the icon of malicious application.It is optional
Ground, p_threshold_sim_full can be set to 4.
S504: when the first similarity value is greater than the first similarity partial threshold, electronic equipment determines the figure of security application
It marks not identical and dissimilar as the icon of malicious application.
For example, working as sim_ as shown in fig. 6, the first similarity partial threshold is specially p_threshold_sim_partial
When phash > p_threshold_sim_partial (i.e. the first similarity value is greater than the first similarity partial threshold), electronics is set
The standby icon for determining security application and the icon of malicious application are dissimilar.Optionally, p_threshold_sim_partial can be with
It is set as 10.
S505: when the first similarity value is greater than the complete threshold value of the first similarity and the first similarity value is not more than the first phase
When like degree partial threshold, electronic equipment obtains the icon of each security application from security vault;Determine each security application
The Second Eigenvalue of the icon of the Second Eigenvalue and malicious application of icon.
Optionally, Second Eigenvalue includes GIST characteristic value.GIST feature calculation method includes: that electronic equipment uses GIST
Algorithm calculates, and generates the vector floating-point array of 690 dimensions.For example, in Fig. 6, when p_threshold_sim_full < sim_phash <
When=p_threshold_sim_partial, the first similarity value is greater than the complete threshold value of the first similarity and the first similarity value
When no more than the first similarity partial threshold, electronic equipment extracts the icon of malicious application and calculates the GIST feature of the icon
(value) takes a GIST feature (value) for recording the icon of (security application) and calculating the icon in security vault.
S506: electronic equipment determines the second of the Second Eigenvalue of the icon of each security application and the icon of malicious application
The second similarity value between characteristic value;The characteristic value of icon includes the Second Eigenvalue of icon, executes S507 or S508 later.
For example, electronic equipment calculates each security application as shown in fig. 6, the second similarity value is specially sim_gist
(second) similarity value sim_gist between the GIST feature (value) of the icon of the GIST feature (value) and malicious application of icon.
Optionally, the calculation method of GIST characteristic similarity includes: that electronic equipment uses cosine similarity algorithm two GIST spies of calculating
The similarity of array is levied, 0~1 floating number is generated, is denoted as sim_gist, the bigger sim_gist the more similar.
S507: when the second similarity value is greater than the second similarity threshold, electronic equipment determine the icon of security application with
The icon of malicious application is same or similar, using the same or similar each security application of icon as the security application of each candidate, it
After execute S509.
For example, working as sim_gist > g_ as shown in fig. 6, the second similarity threshold is specially g_threshold_sim
When threshold_sim (i.e. the second similarity value is greater than the second similarity threshold), electronic equipment determines the icon of security application
It is similar to the icon of malicious application.
S508: when the second similarity value is less than or equal to the second similarity threshold, electronic equipment determines security application
Icon and the icon of malicious application be not identical and dissimilar.
For example, as shown in fig. 6, when (i.e. the second similarity value is less than or equal to sim_gist≤g_threshold_sim
Second similarity threshold) when, electronic equipment determines the icon of security application and the icon dissmilarity of malicious application.
S509: electronic equipment determines peace to be recommended according to the application message of the security application of candidate each in security vault
Full application, and recommended.
Optionally, electronic equipment is determined according at least one of following of the security application of candidate each in security vault wait push away
The security application recommended: maximum positive rating in the smallest the First Eigenvalue, evaluation information, packet name identical with malicious application, most
High download.
May have by the security application that icon similarity detection module obtains multiple.Optionally, decision-making module is comprehensive
Sim_phash similarity, the evaluation information of security application and download recommend security application.
For example, as shown in fig. 7, the icon similarity detection module of electronic equipment determines multiple icons in above-mentioned steps
(icon with malicious application) similar security application (security applications of i.e. multiple candidates), the decision-making module of electronic equipment is successively
The preferential selection the smallest security application of sim_phash, evaluates the security application of best (score value is maximum), and Bao Mingyu malice is answered
Packet name is identical, evaluates the highest application of best and download.
In the embodiment of the present application, the First Eigenvalue and the relevant calculation amount of the first similarity value are smaller, and calculating speed is very fast,
The complete threshold value of suitable first similarity and the first similarity partial threshold are set, it can be more accurate based on enough confidence levels
Just sift out similar or dissimilar icon in ground;It is remaining for primary dcreening operation in it is similar with it is dissimilar between icon, utilize second
Characteristic value and the second similarity value are finely determined that the icon of the icon and malicious application that accurately determine out security application is
It is no similar.Therefore, accurate similarity detection knot can be obtained in the case where guaranteeing calculating speed with higher
Fruit.
Moreover, in the embodiment of the present application, it is smaller that the First Eigenvalue occupies memory space, is stored directly in security vault, can be with
By quick calling;Second Eigenvalue occupancy memory space is larger and can not necessarily be used, therefore uses the side calculated in real time
Formula obtains Second Eigenvalue;Good balance is achieved between memory space and calculating speed.
Based on the same inventive concept, another embodiment of the application provides a kind of using recommendation apparatus, is set to this
In the electronic equipment of application, comprising: icon similarity detection module and decision-making module.
Icon similarity detection module, for determining the characteristic value of the icon of malicious application for malicious application;According to
The characteristic value of the icon of the characteristic value of the icon of malicious application and multiple security applications determines the icon of icon and malicious application
The same or similar each security application, the security application as each candidate.
Decision-making module recommends security application for the security application based on each candidate.
Optionally, icon similarity detection module is specifically used for determining first of the icon of each security application in security vault
The first similarity value between the First Eigenvalue of the icon of characteristic value and malicious application;The characteristic value of icon includes the of icon
One characteristic value;When the first similarity value threshold value complete less than or equal to the first similarity, the icon and evil of security application are determined
The icon applied of anticipating is same or similar;When the first similarity value is greater than the first similarity partial threshold, security application is determined
Icon and the icon of malicious application be not identical and dissimilar.
Optionally, icon similarity detection module is specifically used for obtaining the figure of the icon of each security application from security vault
Shape characteristic value;The First Eigenvalue includes graphic feature value;The every character for each graphic feature value that will acquire, with malicious application
Every character of graphic feature value of icon compare, the number of the different position of character is obtained, as the first similarity value;
Graphic feature value includes one of phash, ahash, dhash and small echo hash.
Optionally, icon similarity detection module be also used to when the first similarity value be greater than the complete threshold value of the first similarity,
And first similarity value when being not more than the first similarity partial threshold, determine the Second Eigenvalue of the icon of each security application with
The second similarity value between the Second Eigenvalue of the icon of malicious application;The characteristic value of icon includes the second feature of icon
Value;When the second similarity value is greater than the second similarity threshold, the icon for determining security application is identical as the icon of malicious application
Or it is similar;When the second similarity value is less than or equal to the second similarity threshold, the icon and malicious application of security application are determined
Icon it is not identical and dissimilar.
Optionally, icon similarity detection module be also used to the Second Eigenvalue that determines the icon of each security application with
Before the second similarity value between the Second Eigenvalue of the icon of malicious application, each security application is obtained from security vault
Icon;Determine the Second Eigenvalue of the Second Eigenvalue of the icon of each security application and the icon of malicious application;Second is special
Value indicative includes GIST characteristic value.
Optionally, decision-making module is specifically used for the application message of the security application according to candidate each in security vault, determines
Security application to be recommended, and recommended.
Optionally, decision-making module be specifically used for according to the security application of candidate each in security vault it is following at least one, really
Make security application to be recommended: maximum positive rating in the smallest the First Eigenvalue, evaluation information, identical with malicious application
Packet name, highest download.
Optionally, the application recommendation apparatus of the embodiment of the present application, further includes: security vault maintenance module.
Security vault maintenance module is used to obtain icon, certificate, packet name, download and the evaluation information of multiple security applications;
Determine the characteristic value of the icon of each security application;By the icon of each security application, certificate, packet name, download, evaluation letter
Breath and characteristic value corresponding record form security vault.
Any embodiment or any optional in the application the various embodiments described above can be performed in the application recommendation apparatus of the present embodiment
Embodiment application recommended method, realization principle and acquired advantageous effects and the application's applies recommendation side
Method is similar, and details are not described herein again.
With reference to the accompanying drawing come introduce the application recommendation security application a special case.Attached drawing 8 is the recommendation of the application
The schematic illustration of one special case of security application.
As shown in figure 8, firstly, security vault maintenance module establishes security vault.
Specifically, security vault maintenance module chooses the security application Jing Guo safety detection, downloads security application file, extracts
The icon of each security application.Optionally, it extracts application drawing calibration method: the installation kit of security application being decompressed, decompiling
AndroidManifest.xml file obtains icon path, then finds icon text according to path from the file of decompression
Part.
Security vault maintenance module extracts application message (including certificate, icon, packet from the security application Jing Guo safety detection
Name, evaluation information and download etc.).
The phash value of security vault maintenance module calling icon similarity detection module calculation icon.One security application
Application message and phash value constitute a security application record, and multiple security applications record to form security vault.One security application
Record includes the mark of security application, the certificate of security application, packet name, download, evaluation information (including positive rating) and icon
Phash value.Certificate is that (Distinguished Encoding Rules can distinguish coding rule to DER of the developer for signing
Then) binary system certificate, certificate here is intended merely to identify different developers, such as can calculate DER by MD5 digest algorithm
Digest value, which is saved.
For example, security vault includes following several records:
Security application (record) 1: certificate _ 1 icon _ 1 evaluation _ 1 download _ 1phash_1
Security application (record) 2: certificate _ 2 icons _ 2 evaluation _ 2 downloads _ 2phash_2
……
Secondly, icon similarity detection module detects icon similarity.
Specifically, when there is new malicious application to need to recommend security application, icon similarity detection module calculates malice
The icon phash value of application generates the string of binary characters of 64 bit lengths;By the phash value of the icon of malicious application, one by one with peace
The phash value of the icon of each security application record is carried out by bit comparison in full library, and the corresponding different position number in position is denoted as
Sim_phash (i.e. phash similarity), numerical value is smaller more similar;Sim_phash is located at p_threshold_sim_partial
When between p_threshold_sim_full, GIST feature is calculated, the vector floating-point array of 690 dimensions is generated, calculates two
The similarity of GIST feature array, and carry out GIST similarity judgement.According to the similar of phash similarity or GIST feature array
Degree determines multiple security applications similar with the icon of malicious application, and exports the similar security application of multiple icons to decision
Module (or being called by decision-making module).
For example, icon _ x phash value of malicious application is denoted as phash_x.
After the detection of icon similarity detection module, similarity < p_threshold_ of phash_2 and phash_x
It when sim_full, determines that icon is similar, therefore selects the corresponding record in security application _ 2;
As phash similarity < p_threshold_ of p_threshold_sim_full≤phash_6 and phash_x
When sim_partial, calculation icon _ 6 and icon _ x gist similarity sim_gist work as sim_gist > g_threshold_
When sim, it is believed that icon is similar, therefore selects the corresponding record in security application _ 6.
The icon of other security applications and icon phash similarity >=p_threshold_sim_ of malicious application
Partial or sim_gist < g_threshold_sim determines icon dissmilarity, therefore does not select security application.
Then, the comprehensive sim_phash similarity of decision-making module, the evaluation of security application and download recommend application.
Optionally, decision-making module preferentially selects the smallest application of sim_phash, successively the preferential best (evaluation of selection evaluation
Numerical value is maximum, such as positive rating highest) application, Bao Mingyu malicious application is identical, evaluates the best highest application of download.
Optionally, the resulting several icons of previous step security application similar with the icon of malicious application, decision-making module will
Therefrom according to phash similarity, packet name and evaluation etc., filters out optimal security application and recommend user.
For example, because the phash similarity of security application _ 6 is greater than the phash similarity of security application _ 2, selection
Security application _ 2 are as the security application recommended.Assuming that security application _ 6 are then selected as the phash similarity of security application _ 2
The bigger application of figure of merit in the two (scoring or positive rating) is selected, such as security application _ 6 is selected to apply as recommendation.
Based on identical inventive concept, a kind of electronic equipment is provided in another embodiment of the application, comprising: processor,
Memory and bus;
Bus, for connecting processor and memory;
Memory, for storing operational order;
Processor executes any embodiment or optional in the application the various embodiments described above for instructing by call operation
The application recommended method of embodiment.
Optionally, the electronic equipment platform in the present embodiment includes electronic equipment.The electronic equipment, as shown in figure 9, Fig. 9
Shown in electronic equipment 900 include: processor 901 and memory 903.Wherein, processor 901 and memory 903 are electrically connected,
Such as it is connected by bus 902.Optionally, electronic equipment 900 further includes network module 904.It should be noted that in practical application
Network module 904 is not limited to one, and the structure of the electronic equipment 900 does not constitute the restriction to the embodiment of the present application.
Wherein, processor 901 is applied in the embodiment of the present application, each mould in the application recommendation apparatus above-mentioned for the application
The function of block.
Processor 901 can be CPU (Central Processing Unit, central processing unit), general processor, DSP
(Digital Signal Processor, data signal processor), ASIC (Application Specific
Integrated Circuit, specific integrated circuit), (Field-Programmable Gate Array, scene can compile FPGA
Journey gate array) either other programmable logic device, transistor logic, hardware component or any combination thereof.It can be with
It realizes or executes and combine various illustrative logic blocks, module and circuit described in present disclosure.Processor 901
It is also possible to realize the combination of computing function, such as is combined comprising one or more microprocessors, the combination of DSP and microprocessor
Deng.
Bus 902 may include an access, and information is transmitted between said modules.Bus 902 can be PCI
(Peripheral Component Interconnect, Peripheral Component Interconnect standard) bus or EISA (Extended
Industry Standard Architecture, expanding the industrial standard structure) bus etc..It is total that bus 902 can be divided into address
Line, data/address bus, control bus etc..Only to be indicated with a thick line in Fig. 9 convenient for indicating, it is not intended that only one total
Line or a type of bus.
Memory 903 can be ROM (Read-Only Memory, read-only memory) or can store static information and instruction
Other kinds of static storage device, RAM (random accessmemory, random access memory) or letter can be stored
The other kinds of dynamic memory of breath and instruction, is also possible to EEPROM (Electrically Erasable
Programmable Read OnlyMemory, Electrically Erasable Programmable Read-Only Memory), CD-ROM (Compact Disc
Read-OnlyMemory, CD-ROM) or other optical disc storages, optical disc storage (including compression optical disc, laser disc, optical disc, number
The general optical disc of word, Blu-ray Disc etc.), magnetic disk storage medium or other magnetic storage apparatus or can be used in carrying or store
Desired program code with instruction or data structure form simultaneously can be but unlimited by any other medium of computer access
In this.
Optionally, memory 903 be used for store execution application scheme application code or operational order, and by
Reason device 901 executes to control.Processor 901 is used to execute the application code or operational order stored in memory 903, with
Realize the application recommended method of any embodiment or any optional embodiment in the application the various embodiments described above;Alternatively, with
Realize the movement using recommendation apparatus of the above embodiments of the present application, realization principle and acquired advantageous effects and this
The application recommended method of application is similar, and details are not described herein again.
Based on the same inventive concept, another embodiment of the application provides a kind of computer readable storage medium, storage
Media storage has at least one instruction, at least a Duan Chengxu, code set or instruction set, at least one instruction, an at least Duan Chengxu,
Code set or instruction set loaded by processor and executed with realize in the application the various embodiments described above any embodiment or it is any can
The application recommended method of the embodiment of choosing.
The embodiment of the present application provides a kind of computer readable storage medium and is suitable for above method embodiment, realizes former
Reason and acquired advantageous effects are similar with the application recommended method of the application, and details are not described herein.
It should be understood that although each step in the flow chart of attached drawing is successively shown according to the instruction of arrow,
These steps are not that the inevitable sequence according to arrow instruction successively executes.Unless expressly stating otherwise herein, these steps
Execution there is no stringent sequences to limit, can execute in the other order.Moreover, at least one in the flow chart of attached drawing
Part steps may include that perhaps these sub-steps of multiple stages or stage are not necessarily in synchronization to multiple sub-steps
Completion is executed, but can be executed at different times, execution sequence, which is also not necessarily, successively to be carried out, but can be with other
At least part of the sub-step or stage of step or other steps executes in turn or alternately.
The above is only some embodiments of the application, it is noted that for the ordinary skill people of the art
For member, under the premise of not departing from the application principle, several improvements and modifications can also be made, these improvements and modifications are also answered
It is considered as the protection scope of the application.
Claims (10)
1. a kind of apply recommended method characterized by comprising
For malicious application, the characteristic value of the icon of the malicious application is determined;
According to the characteristic value of the icon of the characteristic value of the icon of the malicious application and multiple security applications, icon and institute are determined
State the same or similar each security application of icon of malicious application, the security application as each candidate;
Based on the security application of each candidate, recommend security application.
2. the method according to claim 1, wherein the characteristic value of the icon according to the malicious application and
The characteristic value of the icon of multiple security applications determines that icon and the same or similar each safety of icon of the malicious application are answered
With, comprising:
Determine first of the icon of the First Eigenvalue and malicious application of the icon of each security application in security vault
The first similarity value between characteristic value;The characteristic value of the icon includes the First Eigenvalue of the icon;
When the first similarity value is less than or equal to the complete threshold value of the first similarity, determine the icon of the security application with it is described
The icon of malicious application is same or similar;
When the first similarity value is greater than the first similarity partial threshold, determine that the icon of the security application is answered with the malice
Icon is not identical and dissimilar.
3. according to the method described in claim 2, it is characterized in that, in the determining security vault each security application figure
The first similarity value between target the First Eigenvalue and the First Eigenvalue of the icon of the malicious application, comprising:
The graphic feature value of the icon of each security application is obtained from the security vault;The First Eigenvalue includes the figure
Shape characteristic value;
It each of will acquire every character of the graphic feature value, it is each with the graphic feature value of the icon of the malicious application
Position character compares, and the number of the different position of character is obtained, as the first similarity value;
The graphic feature value includes one in perceptual hash value, average value cryptographic Hash, difference value cryptographic Hash and small echo cryptographic Hash
Kind.
4. according to the method described in claim 2, it is characterized in that, the characteristic value of the icon according to the malicious application and
The characteristic value of the icon of multiple security applications determines that icon and the same or similar each safety of icon of the malicious application are answered
With, further includes:
When the first similarity value is greater than the complete threshold value of the first similarity and the first similarity value is not more than the first similarity part threshold
When value, determine the Second Eigenvalue of the icon of each security application and the icon of the malicious application Second Eigenvalue it
Between the second similarity value;The characteristic value of the icon includes the Second Eigenvalue of the icon;
When the second similarity value is greater than the second similarity threshold, determine the security application icon and the malicious application
Icon is same or similar;
When the second similarity value be less than or equal to the second similarity threshold when, determine the security application icon and the malice
The icon of application is not identical and dissimilar.
5. according to the method described in claim 4, it is characterized in that, the second of the icon of each security application of the determination
Before the second similarity value between the Second Eigenvalue of the icon of characteristic value and the malicious application, further includes:
The icon of each security application is obtained from the security vault;
Determine the Second Eigenvalue of the Second Eigenvalue of the icon of each security application and the icon of the malicious application;
The Second Eigenvalue includes picture global description.
6. according to the method described in claim 2, it is characterized in that, the security application based on each candidate, recommends peace
Full application, comprising:
According to the application message of the security application of the candidate each in the security vault, security application to be recommended is determined, and
Recommended.
7. according to the method described in claim 6, it is characterized in that, the safety according to the candidate each in the security vault
The application message of application determines security application to be recommended, comprising:
According at least one of following of the security application of the candidate each in the security vault, determine that safety to be recommended is answered
With: maximum positive rating, packet name identical with the malicious application, highest in the smallest the First Eigenvalue, evaluation information
Download.
8. the method according to claim 2, which is characterized in that the icon for determining the malicious application
Characteristic value before, further include being formed by the following method the security vault:
Obtain icon, certificate, packet name, download and the evaluation information of multiple security applications;
Determine the characteristic value of the icon of each security application;
By the icon of each security application, certificate, packet name, download, evaluation information and characteristic value corresponding record, the peace is formed
Quan Ku.
9. a kind of apply recommendation apparatus characterized by comprising
Icon similarity detection module, for determining the characteristic value of the icon of the malicious application for malicious application;According to
The characteristic value of the icon of the characteristic value of the icon of the malicious application and multiple security applications determines that icon is answered with the malice
The same or similar each security application of icon, the security application as each candidate;
Decision-making module recommends security application for the security application based on each candidate.
10. a kind of electronic equipment, characterized in that it comprises:
Processor, memory and bus;
The bus, for connecting the processor and the memory;
The memory, for storing operational order;
The processor, for executing application described in any one of the claims 1-8 by calling the operational order
Recommended method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811550753.4A CN110413871B (en) | 2018-12-18 | 2018-12-18 | Application recommendation method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811550753.4A CN110413871B (en) | 2018-12-18 | 2018-12-18 | Application recommendation method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110413871A true CN110413871A (en) | 2019-11-05 |
| CN110413871B CN110413871B (en) | 2023-03-24 |
Family
ID=68358113
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811550753.4A Active CN110413871B (en) | 2018-12-18 | 2018-12-18 | Application recommendation method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110413871B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112491613A (en) * | 2020-11-26 | 2021-03-12 | 北京航空航天大学 | Information service identifier generation method and device |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080250323A1 (en) * | 2007-04-04 | 2008-10-09 | Huff Gerald B | Method and apparatus for recommending an application-feature to a user |
| CN102799825A (en) * | 2012-07-18 | 2012-11-28 | 腾讯科技(深圳)有限公司 | Method, device, terminal and server for pushing safety application programs |
| KR20130058856A (en) * | 2011-11-28 | 2013-06-05 | 에스케이플래닛 주식회사 | System and method for recommending application in instant messenger |
| CN103345516A (en) * | 2013-07-10 | 2013-10-09 | 百度在线网络技术(北京)有限公司 | Application program searching method based on application program icons and system |
| CN106648730A (en) * | 2016-09-26 | 2017-05-10 | 北京小米移动软件有限公司 | Processing method and device of abnormal application |
| CN107038173A (en) * | 2016-02-04 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Application query method and apparatus, similar application detection method and device |
| CN107169318A (en) * | 2017-03-31 | 2017-09-15 | 咪咕数字传媒有限公司 | A kind of method and device of application security protection |
| CN108416212A (en) * | 2018-03-01 | 2018-08-17 | 腾讯科技(深圳)有限公司 | Method for identifying application program and device |
| CN108734556A (en) * | 2018-05-18 | 2018-11-02 | 广州优视网络科技有限公司 | Recommend the method and device of application |
-
2018
- 2018-12-18 CN CN201811550753.4A patent/CN110413871B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080250323A1 (en) * | 2007-04-04 | 2008-10-09 | Huff Gerald B | Method and apparatus for recommending an application-feature to a user |
| KR20130058856A (en) * | 2011-11-28 | 2013-06-05 | 에스케이플래닛 주식회사 | System and method for recommending application in instant messenger |
| CN102799825A (en) * | 2012-07-18 | 2012-11-28 | 腾讯科技(深圳)有限公司 | Method, device, terminal and server for pushing safety application programs |
| CN103345516A (en) * | 2013-07-10 | 2013-10-09 | 百度在线网络技术(北京)有限公司 | Application program searching method based on application program icons and system |
| CN107038173A (en) * | 2016-02-04 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Application query method and apparatus, similar application detection method and device |
| CN106648730A (en) * | 2016-09-26 | 2017-05-10 | 北京小米移动软件有限公司 | Processing method and device of abnormal application |
| CN107169318A (en) * | 2017-03-31 | 2017-09-15 | 咪咕数字传媒有限公司 | A kind of method and device of application security protection |
| CN108416212A (en) * | 2018-03-01 | 2018-08-17 | 腾讯科技(深圳)有限公司 | Method for identifying application program and device |
| CN108734556A (en) * | 2018-05-18 | 2018-11-02 | 广州优视网络科技有限公司 | Recommend the method and device of application |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112491613A (en) * | 2020-11-26 | 2021-03-12 | 北京航空航天大学 | Information service identifier generation method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110413871B (en) | 2023-03-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105512881B (en) | A kind of method and terminal for completing payment based on two dimensional code | |
| US10547628B2 (en) | Security weakness and infiltration detection and repair in obfuscated website content | |
| KR101554518B1 (en) | Information obtaining method and apparatus | |
| CN106055574A (en) | Method and device for recognizing illegal URL | |
| Gao et al. | Android malware detection via graphlet sampling | |
| CN109753811B (en) | Data probe design method and device for detecting sensitive information | |
| CN108416212A (en) | Method for identifying application program and device | |
| CN107742079B (en) | Malicious software identification method and system | |
| CN110516173B (en) | Illegal network station identification method, illegal network station identification device, illegal network station identification equipment and illegal network station identification medium | |
| CN109241770A (en) | Information value calculating method, equipment and readable storage medium storing program for executing based on homomorphic cryptography | |
| CN112417485B (en) | Model training method, system and device based on trusted execution environment | |
| US10255436B2 (en) | Creating rules describing malicious files based on file properties | |
| CN111198967A (en) | User grouping method and device based on relational graph and electronic equipment | |
| CN109325357A (en) | Information value calculating method, equipment and readable storage medium storing program for executing based on RSA | |
| CN109948762A (en) | Method and apparatus for generating two dimensional code | |
| CN111191255A (en) | Information encryption processing method, server, terminal, device and storage medium | |
| JP5264813B2 (en) | Evaluation apparatus, evaluation method, and evaluation program | |
| CN110413871A (en) | Using recommended method, device and electronic equipment | |
| CN112837202B (en) | Watermark image generation and attack tracing method and device based on privacy protection | |
| CN111340574B (en) | Risk user identification method and device and electronic equipment | |
| CN109684837A (en) | A kind of mobile application malware detection method and system towards electric power enterprise | |
| CN111949655A (en) | Form display method and device, electronic equipment and medium | |
| CN112765022B (en) | Webshell static detection method based on data stream and electronic equipment | |
| JP7175148B2 (en) | Judgment device and judgment method | |
| CN113849812A (en) | Application program detection method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |