CN112733138A - Audio-visual APP safety and business compliance automatic detection system, method and medium - Google Patents


Publication number
CN112733138A
Authority
CN
China
Prior art keywords
detection
app
safety
compliance
audio
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011566225.5A
Other languages
Chinese (zh)
Inventor
朱伟
程智宝
李艳
车帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhongwei Yunan Information Technology Co ltd
Original Assignee
Beijing Zhongwei Yunan Information Technology Co ltd
Application filed by Beijing Zhongwei Yunan Information Technology Co ltd


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Virology (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses an automatic detection system for audio-visual APP security and service compliance. The system comprises an APP software package uploading module, a security detection module, a service compliance detection module and a detection report management module. The APP software package uploading module provides a service for uploading the APP software package to be detected. The security detection module provides the APP security detection service and detects basic information, malicious behaviors, security specifications, dynamic security, and vulnerabilities and risk prevention to obtain a security detection result. The service compliance detection module performs normative detection, soft terminal validity detection, user usage behavior detection and video and audio decoding capability detection on the APP to obtain a compliance detection result. The detection report management module generates a detection report from the detection results of the security detection module and the service compliance detection module. The security status and content compliance status of the audio-visual APP are detected automatically along different dimensions and a detection report is generated, which improves detection efficiency.

Description

Audio-visual APP safety and business compliance automatic detection system, method and medium
Technical Field
The invention relates to the technical field of software detection, in particular to an automatic audio-visual APP safety and business compliance detection system, method and medium.
Background
At present, the environment in which audio-visual programs are distributed has changed greatly, and new distribution channels such as mobile APPs (mobile phone software) are developing rapidly. Emerging forms of audio-visual distribution need effective supervision. Because audio-visual APPs update programs quickly, spread them efficiently and are highly concealed, security and compliance problems should be found promptly after an APP is produced and handled quickly. To improve the security of audio-visual APPs during distribution and the compliant distribution of program content, a system that automatically detects software security and business compliance for APPs containing audio-visual program content is urgently needed, and technical support for the content security and distribution security of audio-visual APPs is necessary. Many products for APP security detection and security hardening exist, but there is no dedicated detection system for the audio-visual APPs of concern to the radio and television sector and no APP content security detection system, which creates great technical difficulty for detection institutions in compliance and security detection.
Disclosure of Invention
In view of the defects in the prior art, embodiments of the invention provide a system, method and medium for automatic detection of audio-visual APP security and business compliance, which automatically detect the security status and content compliance status of an audio-visual APP along different dimensions, generate a detection report and improve detection efficiency.
In a first aspect, an embodiment of the present invention provides an audio-visual APP security and service compliance automatic detection system comprising an APP software package uploading module, a security detection module, a service compliance detection module and a detection report management module. The APP software package uploading module provides a service for uploading the APP software package to be detected. The security detection module provides the APP security detection service and detects basic information, malicious behaviors, security specifications, dynamic security, vulnerabilities and risk prevention to obtain a security detection result. The service compliance detection module performs normative detection, soft terminal validity detection, user usage behavior detection and video and audio decoding capability detection on the APP to obtain a compliance detection result. The detection report management module generates a detection report from the detection results of the security detection module and the service compliance detection module.
In a second aspect, the present invention provides an audiovisual APP security and service compliance automatic detection method, including the following steps:
acquiring APP software package data to be detected;
detecting basic information, malicious behaviors, security specifications, dynamic security, vulnerability and risk prevention of the APP to obtain a security detection result;
performing normalization detection, soft terminal validity detection, user use behavior detection and video and audio decoding capability detection on the APP to obtain a compliance detection result;
acquiring the security detection result and the compliance detection result, and generating a detection report from them.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium, in which a computer program is stored, the computer program including program instructions, which, when executed by a processor, cause the processor to execute the method described in the above embodiment.
The invention has the beneficial effects that:
The system, method and medium for automatic detection of audio-visual APP security and business compliance automatically detect the security status and content compliance status of an audio-visual APP along different dimensions and generate a detection report, so that detection efficiency is improved.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
FIG. 1 shows an architecture diagram of an audiovisual APP Security and Business compliance automatic detection System;
FIG. 2 is a block diagram illustrating an automatic detection system for audio-visual APP security and business compliance provided by a first embodiment of the present invention;
FIG. 3 shows a flowchart of an audiovisual APP security and service compliance automatic detection method according to a second embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without any inventive step, are within the scope of the present invention.
It will be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
It is to be noted that, unless otherwise specified, technical or scientific terms used herein shall have the ordinary meaning as understood by those skilled in the art to which the invention pertains.
Fig. 1 shows the architecture of the audio-visual APP security and business compliance automatic detection system. The system uses a micro-service, modular and layered design. Coupling between modules is low, so modifying or improving one module does not affect the other modules of the system, which ensures system stability. The design supports flexible changes to the APP detection business, and individual modules can be upgraded as detection requirements change, for example with detection rules that are more accurate and better aligned with regulatory policy requirements, or with upgrades to the core security detection modules. The application layer provides data and business service support for the WEB management platform and the APP visual display layer. It offers users functions such as viewing detection business data, creating detection requests, uploading software packages, automatic detection, managing detection devices, and generating and managing detection reports, and it can be adapted flexibly and in real time to user requirements.
The data detection layer is an independent core algorithm module. It uses technologies such as cloud computing, big data and artificial intelligence to provide the capability to monitor audio-visual APP software security and content compliance. It can be upgraded and replaced in real time, and the necessary detection modules (such as basic information detection, malicious behavior detection, security specification detection, software vulnerability monitoring, risk prevention detection, user data security detection, audio-visual normative detection, safe broadcasting monitoring, user usage behavior detection, software validity and the like) can be added at any time as the business requires, so that users' detection business needs are met quickly and dynamically.
The data storage layer stores all file-type and data-type information used in the system. It provides file storage, storage of mobile APP installation packages, security detection rules, compliance detection rules and detection reports, and a relational database that stores the system's day-to-day data.
The infrastructure program provides the underlying hardware service support for the system; combining cloud services with dedicated equipment improves the scalability, security and stability of the system.
Example 1
Fig. 2 shows a block diagram of the audio-visual APP security and service compliance automatic detection system provided in the first embodiment of the present invention. The system provided in this embodiment comprises an APP software package uploading module, a security detection module, a service compliance detection module and a detection report management module. The APP software package uploading module provides a service for uploading the APP software package to be detected. The security detection module provides the APP security detection service and detects basic information, malicious behaviors, security specifications, dynamic security, and vulnerability and risk prevention to obtain a security detection result. The service compliance detection module performs normative detection, soft terminal validity detection, user usage behavior detection and video and audio decoding capability detection on the APP to obtain a compliance detection result. The detection report management module generates a detection report from the detection results of the security detection module and the service compliance detection module.
According to the business requirements of the audio-visual APP security and service compliance detection system, the system covers two aspects, APP security detection and APP service compliance detection, and its users mainly fall into several roles: media institution personnel, APP detection personnel, detection institution leaders, super administrators and the like. Media institution personnel register a system account and log in after it has been approved. They then create an APP detection application, upload the APP to be detected and submit the application. After the system has run its automatic detection it generates a detection report, which the media institution personnel can view and download. APP detection personnel are staff of the detection institution; they review and complete the APP detection, check the report contents and submit the detection report to the institution's leader for audit. The detection institution leader audits the detection reports completed by the staff. After the audit is passed, a PDF file is generated, printed and sealed; if the report does not pass, the leader fills in the reasons and returns it for re-detection.
The security detection provides security detection services for mobile applications, including: automatic security detection, which is efficient and convenient, needs no manual intervention and quickly detects security problems in the mobile application; a vulnerability mining service, which further discovers potential security threats to the mobile application; and application behavior monitoring and performance detection. Application behavior monitoring covers file operations, address book access, short messages, acquisition of device information, sound and video recording, Bluetooth access, camera access, application package management behavior, account management behavior, location access, local database storage and WebView loading behavior, in order to prevent leakage of user privacy data. The APP security detection module comprises a static detection unit, a dynamic detection unit, a simulation interaction detection unit, a penetration detection unit, a server fingerprint detection unit, a dynamic sandbox detection unit, a mobile application dynamic component detection unit, a basic information detection unit, a vulnerability and risk prevention detection unit, a malicious behavior detection unit and a security compliance detection unit.
The static detection unit covers security vulnerabilities at the code level and can inspect the configuration files and resource files of the mobile application. It verifies whether the mobile application meets indicators such as conformance to specifications, security, reliability and maintainability, extracts code with potential security risks and stores it in the detection platform back end, providing the data basis for the subsequent security detection report. It can also find common sensitive-data leaks, exported-component vulnerabilities and other high-risk vulnerabilities or risks.
The simulation interaction detection unit simulates user behavior by sending instructions such as touches and movements to the simulator, thereby triggering the business logic of the mobile application, including data flows, function calls, and file reads and writes. Monitoring this business logic, data and system methods provides the basis for identifying malicious programs, finding dangerous methods and performing security penetration tests on the server side.
The penetration detection unit performs penetration testing on the business server, as a vulnerability verification process based on information gathering.
Many high-risk vulnerabilities can be identified from server fingerprints alone, so a server fingerprint detection unit is used. The fingerprinted objects cover the security of service components such as the back-end server system, development framework, Web server and database.
In the face of today's complex threats, the sandbox detection unit provides comprehensive, in-depth defense capability, which is an important step toward strong overall security. Multi-layer defense can block known advanced persistent threats and actively detect unknown and existing malware. Based on sandbox technology, the system implements mobile malicious code detection that monitors and analyzes dynamic behavior characteristics while the code is running, and several model algorithms original to the system complete the judgment and evaluation of mobile malicious code. Malware that is aware of virtual machines can be detected by multiple methods such as emulation and virtualization. Meanwhile, the problem that the mobile phone cannot enter the server is solved, and the stability is improved.
The mobile application dynamic component detection unit checks the security of the mobile application's components, preventing improperly exported components from being called by third parties, which would cause local denial of service and affect normal use of the program. It monitors the application's operations at run time and its access rights to sensitive data, preventing an attacker from maliciously reading files, obtaining or tampering with personal sensitive information and sensitive functions, damaging data integrity and leaking user privacy data.
The basic information detection unit detects basic information, the application's permission configuration, the functions corresponding to application behaviors, integrated third-party SDKs, sensitive function call risks and the like. The basic information includes the soft terminal name, package name, file size, version, MD5, signature information, the vendor of any hardening (reinforcement) applied, etc. The functions corresponding to application behaviors include those behind behaviors such as making a call and reading contacts. Sensitive function call risk detection checks whether a function with sensitive behavior is called.
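The fields collected by the basic information detection unit and the exported-component check of the static detection unit can be illustrated as follows. This is an added example, not code from the patent; it assumes the manifest has already been decoded to plain XML (a real APK stores it as binary XML), and the sample package, component names and permission-to-behavior mapping are constructed.

```python
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Assumed mapping from a permission to the application behavior it enables.
SENSITIVE = {
    "android.permission.CALL_PHONE": "making a call",
    "android.permission.READ_CONTACTS": "reading contacts",
    "android.permission.SEND_SMS": "sending short messages",
    "android.permission.ACCESS_FINE_LOCATION": "accessing location",
    "android.permission.RECORD_AUDIO": "sound recording",
}

# Constructed sample manifest (plain XML; decoding binary AXML is assumed done).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.avplayer" android:versionName="1.2.0">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application android:label="AV Player">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
    <service android:name=".DownloadService" android:exported="true"/>
    <receiver android:name=".PushReceiver">
      <intent-filter><action android:name="com.example.avplayer.PUSH"/></intent-filter>
    </receiver>
    <provider android:name=".MediaProvider" android:exported="true"
        android:permission="com.example.avplayer.READ_MEDIA"/>
  </application>
</manifest>"""


def build_sample_apk(manifest=SAMPLE_MANIFEST) -> bytes:
    """Build a constructed APK-like zip in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", b"placeholder dex bytes")
        zf.writestr("META-INF/CERT.RSA", b"placeholder signature block")
    return buf.getvalue()


def is_exported(tag, comp):
    """Explicit android:exported wins; otherwise an intent-filter implies export
    (the pre-Android 12 default). Providers default to not exported (API 17+)."""
    explicit = comp.get(A + "exported")
    if explicit is not None:
        return explicit == "true"
    return tag != "provider" and comp.find("intent-filter") is not None


def is_launcher(comp):
    """The launcher activity must be exported, so it is not reported."""
    return any(c.get(A + "name") == "android.intent.category.LAUNCHER"
               for c in comp.findall("intent-filter/category"))


def inspect_apk(apk_bytes: bytes) -> dict:
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        manifest = zf.read("AndroidManifest.xml")
    # Uploaded packages are untrusted input: refuse DTDs so entity-expansion
    # payloads never reach the XML parser.
    if b"<!DOCTYPE" in manifest or b"<!ENTITY" in manifest:
        raise ValueError("manifest contains a DTD; refusing to parse")
    root = ET.fromstring(manifest)
    app = root.find("application")
    perms = [p.get(A + "name") for p in root.findall("uses-permission")]
    unprotected = []
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in app.findall(tag):
            # A component without its own permission inherits the application's.
            guard = comp.get(A + "permission") or app.get(A + "permission")
            if is_exported(tag, comp) and not is_launcher(comp) and not guard:
                unprotected.append(f"{tag} {comp.get(A + 'name')}")
    return {
        "name": app.get(A + "label"),
        "package": root.get("package"),
        "version": root.get(A + "versionName"),
        "size": len(apk_bytes),
        "md5": hashlib.md5(apk_bytes).hexdigest(),  # file identifier only
        "v1_signature_present": any(
            n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC"))
            for n in names),
        "sensitive_behaviors": [SENSITIVE[p] for p in perms if p in SENSITIVE],
        "exported_unprotected": unprotected,
    }


if __name__ == "__main__":
    print(inspect_apk(build_sample_apk()))
```

The signature field only records that a signature block file is present in the package; it does not verify the signature.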
The dynamic security detection unit installs the mobile application into a customized virtual runtime environment, using a sandbox model, a virtual machine or similar means, so that a real environment is simulated. It detects common weaknesses of the APP, detects and analyzes behaviors such as operations, communication and data during installation and running of the APP, observes and analyzes the application's execution from the outside, and records any malicious behavior the application exhibits.
The vulnerability and risk prevention detection unit detects executable-program infection vulnerabilities from malicious applications, vulnerabilities in running other executable programs, unauthorized-access vulnerabilities from open local ports, the risk of SO files not using address space randomization, the risk of SO files not using compiler stack protection, the risk of the application running on a ROOTed device, the "parasitic push" SDK cloud-control vulnerability, the ZipperDown vulnerability, the risk of screen capture attacks, the risk of downloading arbitrary APKs and the like.
The malicious behavior detection unit detects sensitive words contained in the APP, such as those relating to pornography, gambling, drugs and violence, and functions called in the application that involve sensitive behaviors such as sending short messages, sending geographic location and making calls. It ensures that use of these functions is necessary and limited to authorized users, deletes the sensitive words, and detects illegal behaviors such as violations of regulatory provisions and leakage of user privacy data.
The security specification detection unit performs multi-dimensional, multi-state compliance detection on various application vulnerabilities, covering component security, behavior monitoring, malicious behavior detection, self-protection, secure use of algorithms, network communication security, data interaction security, data storage security, resistance to malicious attacks and the like, to ensure that the application conforms to security laws and specifications.
The service compliance detection module comprises an audio-visual normative detection unit and a soft terminal validity detection unit. The audio-visual normative detection unit detects whether an audio-visual APP conforms to audio-visual program specifications. The soft terminal validity detection unit detects whether the APP can be installed, started and accessed normally on all terminals, and whether free listening to and viewing of network audio-visual programs is provided to the public.
The audio-visual normative detection unit checks:
1) whether a backdoor exists that can rebroadcast, link to, aggregate or integrate programs from illegal broadcast television channels and illegal audio-visual program websites; the program's access to filed domain names, IPs and the like is examined;
2) whether insertion (inter-cutting) and interception of audio-visual program signals are prevented, and whether secure transmission can be guaranteed;
3) whether a secure transmission mode such as https is used; that services beyond the permitted service scope are not provided; live and on-demand services, PGC and UGC are reviewed;
4) whether the exclusive names of broadcast television are used to conduct business on the Internet without permission; whether there is a vulnerability that allows related information to be spread illegally through advertisement overlay;
5) whether video and audio resources uploaded by individual users are checked for validity, and whether they contain illegal content such as content that harms national security or incites the undermining of ethnic unity;
6) whether the played audio-visual programs have backdoors for resource tampering, advertisement implantation and the like, and the capability of the advertisement control mechanism;
7) whether audio-visual program resources are played for which copyright has not been obtained.
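Items 1) and 3) of this list, checking the APP's network access against filed domain names and IPs and checking for a secure transport such as https, can be illustrated on URLs recorded during dynamic detection. This is an added example, not code from the patent; the URLs, the filed domain and IP lists, and the choice to accept only https as secure are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

SECURE_SCHEMES = {"https"}  # assumption: only https counts as secure transport

# Constructed sample data using documentation-reserved domains and addresses.
FILED_DOMAINS = ["example.com"]
FILED_IPS = ["203.0.113.10"]
OBSERVED_URLS = [
    "https://media.example.com/live/ch1.m3u8",         # filed domain over https
    "http://media.example.com/vod/1.mp4",              # filed domain, cleartext
    "https://example.com.cdn.example.net/relay.m3u8",  # filed name only as a prefix
    "https://notexample.com/list",                     # filed name only as a substring
    "https://203.0.113.10/stream",                     # filed IP
    "https://media.example.com@198.51.100.7/live",     # filed name in userinfo only
    "HTTPS://MEDIA.Example.COM./a",                    # case and trailing-dot variant
    "rtmp://push.example.org/live/room1",              # unfiled host, cleartext
]


def host_is_filed(host, domains, ips):
    """Match IP literals exactly and domain names on a label boundary."""
    try:
        return str(ipaddress.ip_address(host)) in ips
    except ValueError:
        pass  # not an IP literal, treat as a domain name
    return any(host == d or host.endswith("." + d) for d in domains)


def check_endpoints(urls, filed_domains, filed_ips=()):
    """Return {url: [reasons]} for every URL that fails a check."""
    domains = {d.lower().rstrip(".") for d in filed_domains}
    ips = {str(ipaddress.ip_address(i)) for i in filed_ips}
    findings = {}
    for url in urls:
        try:
            parts = urlsplit(url)
            # .hostname drops userinfo and port and lower-cases the name.
            host = (parts.hostname or "").rstrip(".")
        except ValueError:
            findings[url] = ["unparseable URL"]
            continue
        reasons = []
        if parts.scheme not in SECURE_SCHEMES:
            reasons.append("insecure transport: " + (parts.scheme or "none"))
        if not host:
            reasons.append("no host")
        elif not host_is_filed(host, domains, ips):
            reasons.append("host not in filed list: " + host)
        if reasons:
            findings[url] = reasons
    return findings


if __name__ == "__main__":
    for url, reasons in check_endpoints(OBSERVED_URLS, FILED_DOMAINS, FILED_IPS).items():
        print(url, "->", "; ".join(reasons))
```

Matching on the parsed host rather than on the raw URL string is what keeps look-alike names and a filed name placed in the userinfo part from passing the check.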
The soft terminal validity detection unit checks:
1) whether the APP software can be installed and started normally on the compliance detection platform, and whether it can be accessed normally;
2) whether the APP software provides the public with free listening to and viewing of network audio-visual programs and bears public service responsibility.
The service compliance detection module comprises a user usage behavior detection unit, which detects: whether the APP keeps program records; whether it has functions such as user comments, bullet comments (barrage) and message leaving; whether a review mechanism exists and whether illegal statements can be filtered and blocked, with traceability supported; and whether an illegal viewing SDK of a non-video operator is embedded in the APP (an illegal viewing SDK is a viewing SDK that is not included in the approval catalog of the national broadcast television administration department).
The service compliance detection module comprises a video and audio decoding capability detection unit, which detects the decoding formats, decoding efficiency, decoding accuracy and decoding quality of the APP.
The audio-visual APP security and business compliance detection system provided by this embodiment of the invention implements automatic security and compliance detection, expands the detection dimensions (detection content) and improves detection efficiency. It detects, along different dimensions, the security status and content compliance status that the APP exposes in different scenarios, runs detection and outputs the results with one click, and automatically generates a detection report.
The specific security detection items, which depend on the system on which the software is installed, are shown in Tables 1 and 2.
TABLE 1 Security check (Android System and LINUX System)
[Table 1: provided as images in the original publication; contents not available in this text]
TABLE 2 safety inspection (iOS System)
[Table 2: provided as images in the original publication; contents not available in this text]
The specific detection items and descriptions of the business compliance detection module are shown in table 3:
TABLE 3 Business compliance testing
[Table 3: provided as images in the original publication; contents not available in this text]
In the first embodiment, an audiovisual APP security and service compliance automatic detection system is provided, and correspondingly, an audiovisual APP security and service compliance automatic detection method is also provided. Please refer to fig. 2, which is a flowchart illustrating an automatic audio-visual APP security and service compliance detection method according to a second embodiment of the present invention. Since the method embodiments are substantially similar to the apparatus embodiments, they are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for relevant points. The method embodiments described below are merely illustrative.
Example 2
As shown in fig. 3, a flowchart of an automatic audiovisual APP security and service compliance detection method according to a second embodiment of the present invention is shown, where the method includes the following steps:
S1: acquire the APP software package data to be detected.
S2: detect the basic information, malicious behaviors, security specifications, dynamic security, vulnerabilities and risk prevention of the APP to obtain a security detection result.
S3: perform normative detection, soft terminal validity detection, user usage behavior detection and video and audio decoding capability detection on the APP to obtain a compliance detection result.
S4: acquire the security detection result and the compliance detection result, and generate a detection report from them.
S5: submit the generated detection report to an auditor for audit.
S6: if the audit is passed, generate a PDF report, print it and apply the seal.
S7: if the audit is not passed, fill in the reason and return to step S2.
The above is a description of an embodiment of an audiovisual APP security and service compliance automatic detection method provided in the second embodiment of the present invention.
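The flow S1 to S7 above, sketched as an added example that is not code from the patent: the function names, the report fields and the `max_rounds` bound are assumptions, and the APK is a constructed in-memory sample. The one S2 check shown is a heuristic for the SO compiler stack protection item this page lists; S3 compliance checks plug in the same way, and that list is left empty here.

```python
import io
import zipfile

def build_sample_apk():
    """S1 input. Constructed sample: a zip shaped like an APK with two fake .so files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<constructed/>")
        z.writestr("lib/arm64-v8a/libplayer.so", b"\x7fELF\x00memcpy\x00__stack_chk_fail\x00")
        z.writestr("lib/arm64-v8a/libcodec.so", b"\x7fELF\x00memcpy\x00strcpy\x00")
    return buf.getvalue()

def check_so_stack_protection(apk):
    """S2 check (heuristic): code built with a stack protector normally references
    __stack_chk_fail, so an ELF .so that never names it is reported. A production
    scanner would parse the dynamic symbol table instead of searching raw bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        for name in sorted(z.namelist()):
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            data = z.read(name)
            if data[:4] == b"\x7fELF" and b"__stack_chk_fail" not in data:
                findings.append({"item": "SO without compiler stack protection", "file": name})
    return findings

def run_detection(apk, security_checks, compliance_checks, auditor, max_rounds=3):
    """S2-S7: detect, build the report, submit it for audit, repeat on rejection.
    auditor(report) returns (approved, reason); max_rounds is an assumed bound."""
    if max_rounds < 1:
        raise ValueError("max_rounds must be at least 1")
    reasons = []
    for round_no in range(1, max_rounds + 1):
        report = {
            "round": round_no,
            "security": [f for check in security_checks for f in check(apk)],      # S2
            "compliance": [f for check in compliance_checks for f in check(apk)],  # S3
            "rejections": list(reasons),                                           # S4
        }
        approved, reason = auditor(report)                                         # S5
        if approved:
            report["status"] = "approved"  # S6: PDF export and sealing happen here
            return report
        reasons.append(reason)             # S7: record the reason, back to S2
    report["status"] = "rejected"
    report["rejections"] = reasons
    return report

if __name__ == "__main__":
    # Constructed auditor: rejects the first report, approves the second.
    auditor = lambda r: (r["round"] > 1, "compliance section is empty")
    print(run_detection(build_sample_apk(), [check_so_stack_protection], [], auditor))
```

Carrying the rejection reasons into the next report keeps the audit trail with the result, so a re-run after S7 can be compared against what the auditor objected to.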
The method for automatically detecting the safety and the business compliance of the audio-visual APP and the system for automatically detecting the safety and the business compliance of the audio-visual APP have the same inventive concept and the same beneficial effects, and are not repeated herein.
The invention also provides an embodiment of a computer-readable storage medium, in which a computer program is stored, which computer program comprises program instructions that, when executed by a processor, cause the processor to carry out the method described in the above embodiment.
The computer readable storage medium may be an internal storage unit of the terminal described in the foregoing embodiment, for example, a hard disk or a memory of the terminal. The computer readable storage medium may also be an external storage device of the terminal, such as a plug-in hard disk provided on the terminal, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the computer-readable storage medium may also include both an internal storage unit and an external storage device of the terminal. The computer-readable storage medium is used for storing the computer program and other programs and data required by the terminal. The computer readable storage medium may also be used to temporarily store data that has been or will be output.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented in electronic hardware, computer software, or a combination of both, and that the components and steps of the examples have been described above generally in terms of their functions in order to illustrate clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and the design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the terminal and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed terminal and method can be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; the modifications and the substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention, and the corresponding technical solutions are all covered in the claims and the specification of the present invention.

Claims (10)

1. An audio-visual APP safety and service compliance automatic detection system is characterized by comprising an APP software package uploading module, a safety detection module, a service compliance detection module and a detection report management module, wherein the APP software package uploading module is used for providing an APP software package uploading service to be detected, the safety detection module is used for providing the APP safety detection service, and basic information, malicious behaviors, safety standards, dynamic safety, vulnerability and risk prevention are detected to obtain a safety detection result; the service compliance detection module is used for carrying out normalization detection, soft terminal validity detection, user use behavior detection and video and audio decoding capability detection on the APP to obtain a compliance detection result, and the detection report management module is used for generating a detection report according to the detection results of the APP safety detection module and the service compliance detection module.
2. The system of claim 1, wherein the security detection module comprises a basic information detection unit, and the basic information detection unit is configured to detect basic information, application permission configuration, functions corresponding to application behaviors, and an integrated third party SDK.
3. The system of claim 1, wherein the security detection module comprises a malicious behavior detection unit and a security specification detection unit, the malicious behavior detection unit is used for detecting whether sensitive words exist in the APP and calling functions of sensitive behaviors, and the security specification detection unit is used for performing multi-dimensional polymorphic compliance detection on various application vulnerabilities.
4. The system of claim 1, wherein the security detection module comprises a vulnerability and risk prevention detection unit, which is used to detect malicious application executable infection vulnerabilities, local port open override vulnerabilities, the risk of SO files not using address space randomization, the risk of SO files not using compiler stack protection, the risk of the application running on a ROOT device, zip down vulnerabilities, screen capture attack risks, and the risk of downloading arbitrary APKs.
5. The system of claim 1, wherein the security detection module comprises a dynamic security detection unit, and the dynamic security detection unit is used for installing the APP into a customized virtual running environment, simulating a real environment, detecting common vulnerabilities of the APP, detecting and analyzing behaviors occurring in the installation and running processes of the APP, observing and analyzing the execution process of the application program from the outside, and recording malicious behaviors expressed by the application program.
6. The system of claim 1, wherein the service compliance detection module comprises an audio-visual normative detection unit and a soft terminal validity detection unit, the audio-visual normative detection unit is used for detecting whether the audio-visual APP conforms to the audio-visual program specification, the soft terminal validity detection unit is used for detecting whether all terminals can be normally installed, started and accessed, and detecting whether free listening to the network audio-visual program is provided for the public.
7. The system of claim 1, wherein the service compliance detection module comprises a user usage behavior detection unit, and the user usage behavior detection unit is configured to detect whether the APP retains program records, has user comments, barrages, and message leaving functions, has an auditing means, can filter, shield illegal statements, and support traceability; and detecting whether the APP is implanted into an illegal viewing SDK of a non-video operator.
8. The system of claim 1, wherein the traffic compliance detection module includes a video and audio decoding capability detection unit for detecting decoding format, decoding efficiency, decoding accuracy, and decoding quality of the APP.
9. An automatic detection method for audio-visual APP safety and service compliance is characterized by comprising the following steps:
acquiring APP software package data to be detected;
detecting basic information, malicious behaviors, security specifications, dynamic security, vulnerability and risk prevention of the APP to obtain a security detection result;
performing normalization detection, soft terminal validity detection, user use behavior detection and video and audio decoding capability detection on the APP to obtain a compliance detection result;
and acquiring a safety detection result and a compliance detection result, and generating a detection report according to the safety detection result and the compliance detection result.
10. A computer-readable storage medium, characterized in that the computer storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to carry out the method of claim 9.
CN202011566225.5A 2020-12-25 2020-12-25 Audio-visual APP safety and business compliance automatic detection system, method and medium Pending CN112733138A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011566225.5A CN112733138A (en) 2020-12-25 2020-12-25 Audio-visual APP safety and business compliance automatic detection system, method and medium

Publications (1)

Publication Number Publication Date
CN112733138A true CN112733138A (en) 2021-04-30

Family

ID=75616415

Country Status (1)

Country Link
CN (1) CN112733138A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination