CN102789506A - Method and device for extracting characteristic information of application program installation package as well as client equipment - Google Patents
- Publication number
- CN102789506A CN201210250545A
- Authority
- CN
- China
- Prior art keywords
- application program
- installation kit
- program installation
- characteristic information
- data
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/258—Heading extraction; Automatic titling; Numbering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
Abstract
The invention discloses a method and a device for extracting characteristic information of an application program installation package, as well as a client device, and belongs to the technical field of security. The method comprises the following steps: decompressing data not greater than a threshold in the application program installation package; analyzing the decompressed data obtained by the decompression, and obtaining key data containing characteristic information of the application program installation package; repeating the previous two steps until the application program installation package has been completely decompressed, so that all the key data in the application program installation package is obtained; and parsing all the key data and extracting the characteristic information of the application program installation package from it. With the technical solution of the invention, the memory occupied can be effectively reduced, the time needed to extract the characteristic information of the application program installation package can be shortened, and the efficiency of obtaining characteristic information from the application program installation package can be improved.
Description
Technical field
The present invention relates to the field of security technology, and in particular to a method and a device for extracting characteristic information of an application program installation package, and a client device.
Background technology
An application program installation package is generally a compressed file, which usually contains resource files, configuration files, executable files and so on. For example, the application program installation package of the Android system is called an apk file; an apk file in this compressed format can contain the executable dex file and other files.
In the prior art, to detect whether an application program installation package is rogue software or a virus, the installation package must be decompressed to obtain the complete executable file. The complete executable file is then parsed in memory to extract characteristic information, and the extracted characteristic information is compared with the characteristic information contained in the virus samples of a preset virus signature library, thereby detecting whether the application program installation package is a rogue program or a virus file. For an apk file of the Android system, for example, the apk file can be decompressed to obtain the dex file, and the dex file is then parsed to extract characteristic information such as class names, method names and constant strings; when the extracted characteristic information is identical to the characteristic information contained in some virus sample in the preset virus signature library, the apk file is a rogue program or a virus file.
In the course of realizing the present invention, the inventors found that the prior art has at least the following problem: when an application program installation package needs to be checked, the package must first be decompressed to obtain the complete executable file, which is then parsed in memory to extract characteristic information. When the executable file is large, placing the complete executable file in memory occupies a large amount of memory, causes memory shortage, prolongs the time needed to extract characteristic information, and seriously affects the efficiency of obtaining characteristic information from the application program installation package.
Summary of the invention
To solve the problems of the prior art, embodiments of the present invention provide a method and a device for extracting characteristic information of an application program installation package, and a client device. The technical solution is as follows:
In one aspect, a method for extracting characteristic information of an application program installation package is provided, the method comprising:
decompressing data not greater than a threshold in the application program installation package;
analyzing the decompressed data obtained by the decompression, and obtaining the critical data that contains characteristic information of the application program installation package;
repeating the above two steps until the application program installation package has been completely decompressed, so that all critical data in the application program installation package is obtained;
parsing all the critical data, and extracting the characteristic information of the application program installation package from all the critical data.
Optionally, in the method described above, the threshold is a preset value or is determined according to the size of the application program installation package.
Optionally, in the method described above, the characteristic information of the application program installation package includes at least one of a class name, a method name and a constant string.
In another aspect, a device for extracting characteristic information of an application program installation package is provided, the device comprising:
a decompression module, configured to decompress data not greater than a threshold in the application program installation package;
an acquisition module, configured to analyze the decompressed data obtained by the decompression module, and to obtain the critical data that contains characteristic information of the application program installation package;
a control module, configured to control the decompression module and the acquisition module to repeat the corresponding operations until the application program installation package has been completely decompressed and the acquisition module has obtained all critical data in the application program installation package;
an extraction module, configured to parse all the critical data, and to extract the characteristic information of the application program installation package from all the critical data obtained by the acquisition module.
Optionally, the device described above further comprises a threshold determination module:
the threshold determination module is configured to preset the threshold or to determine the threshold according to the size of the application program installation package.
Optionally, in the device described above, the characteristic information of the application program installation package includes at least one of a class name, a method name and a constant string.
In yet another aspect, a method for extracting characteristic information from an apk file is provided, which uses any of the methods described above.
In a further aspect, a client device is provided, the client device including the characteristic information extraction device of an application program installation package as described in any of the above.
Optionally, in the client device described above, the client device includes a mobile terminal.
Optionally, in the client device described above, the client device includes a mobile terminal on which the Android system is installed.
The method, device and client device for extracting characteristic information of an application program installation package according to the embodiments of the present invention decompress data not greater than a threshold in the application program installation package; analyze the decompressed data obtained by the decompression to obtain the critical data that contains characteristic information; repeat these two steps until the application program installation package has been completely decompressed, so that all critical data in the application program installation package is obtained; and parse all the critical data to extract the characteristic information of the application program installation package from it. With the technical solution of the embodiments, data whose size equals the threshold can be decompressed in memory one portion at a time, and after each decompression the decompressed data is analyzed to obtain the critical data that contains characteristic information, so the decompression process does not occupy a large amount of memory. Moreover, because only the critical data in the decompressed data is kept after each decompression, the characteristic information of the application program installation package only needs to be extracted from all the critical data obtained. Compared with the prior art, which obtains the characteristic information of the application program installation package from the whole executable file, the technical solution of the embodiments effectively reduces the memory occupied, shortens the time needed to extract the characteristic information of the application program installation package, and improves the efficiency of obtaining characteristic information from the application program installation package.
Description of drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of the method for extracting characteristic information of an application program installation package provided by Embodiment one of the present invention;
Fig. 2 is a flowchart of the method for extracting characteristic information of an application program installation package provided by Embodiment two of the present invention;
Fig. 3 is a structural diagram of the device for extracting characteristic information of an application program installation package provided by Embodiment three of the present invention;
Fig. 4 shows the device for extracting characteristic information of an application program installation package provided by Embodiment four of the present invention;
Fig. 5 is a structural diagram of the client device provided by Embodiment five of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment one
Fig. 1 is a flowchart of the method for extracting characteristic information of an application program installation package provided by Embodiment one of the present invention. The method of this embodiment is executed by a device for extracting characteristic information of an application program installation package, which can be deployed on a client device. As shown in Fig. 1, the method of this embodiment can include the following steps:
100. Decompress data not greater than a threshold in the application program installation package;
101. Analyze the decompressed data obtained by the decompression, and obtain the critical data that contains characteristic information of the application program installation package;
Here, the critical data is data that contains characteristic information of the application program installation package.
102. Repeat steps 100 and 101 until the application program installation package has been completely decompressed, so that all critical data in the application program installation package is obtained;
The critical data in this embodiment is the data in the executable file of the application program installation package that contains characteristic information. It should be noted that, besides this critical data, the executable file also contains other data, and that other data does not contain characteristic information of the application program installation package. The total size of all the critical data obtained once decompression is complete is therefore smaller than the size of the executable file in the application program installation package.
103. Parse all the critical data, and extract the characteristic information of the application program installation package from all the critical data.
The application program installation package of this embodiment can be an application program installation package of various systems, for example of the Windows system or of the Android system. The application program installation package of the Android system, for example, is called an apk file. When the application program installation package is an apk file, the corresponding executable file is the dex file, and in that case the total size of all the critical data in this embodiment is smaller than the size of the dex file. It can also be an application program installation package of the iOS system.
For example, the threshold in this embodiment can be a preset value, or can be determined according to the size of the application program installation package; to reduce the memory occupied during implementation, for instance, the threshold can be set as small as a few tens of KB. In the technical solution of this embodiment, only data whose size equals the threshold is decompressed from the application program installation package each time, and the critical data from which characteristic information can be extracted is obtained directly from the decompressed data. Because the application program installation package contains resource files, configuration files, executable files and so on, after the threshold-sized data has been decompressed it can be determined, with reference to the prior art, which file in the application program installation package the decompressed data belongs to. Since the characteristic information of the application program installation package can only be extracted from the executable file, the data of resource files or configuration files in the decompressed data can be discarded and the data of the executable file retained. Further, the executable file itself contains both data from which characteristic information of the application program installation package can be extracted and data from which it cannot; the data from which characteristic information can be extracted is the valid data. In this way, only the critical data is retained, that is, the part of the decompressed data that belongs to the executable file and from which characteristic information of the application program installation package can be extracted.
Therefore, each decompression yields a portion of the critical data, and repeating the decompression operation until the whole application program installation package has been decompressed yields all the critical data. Finally, the characteristic information of the application program installation package is extracted from all the critical data; for example, this can be done with reference to the parsing and analysis method used in the prior art to obtain the characteristic information of an application program installation package from an executable file.
The method of this embodiment decompresses data not greater than the threshold size in the application program installation package; analyzes the decompressed data obtained by the decompression to obtain the critical data that contains characteristic information; repeats these two steps until the application program installation package has been completely decompressed, so that all critical data in the application program installation package is obtained; and parses all the critical data to extract the characteristic information of the application program installation package from it. With the technical solution of this embodiment, threshold-sized data can be decompressed in memory one portion at a time, and after each decompression the decompressed data is analyzed to obtain the critical data that contains characteristic information, so the decompression process does not occupy a large amount of memory. Moreover, because only the critical data in the decompressed data is kept after each decompression, the characteristic information of the application program installation package only needs to be extracted from all the critical data obtained. Compared with the prior art, which obtains the characteristic information of the application program installation package from the whole executable file, the technical solution of this embodiment effectively reduces the memory occupied, shortens the time needed to extract the characteristic information of the application program installation package, and improves the efficiency of obtaining characteristic information from the application program installation package.
For example, optionally, on the basis of the technical solution of the embodiment shown in Fig. 1, before step 100 "decompress data not greater than a threshold in the application program installation package", the method of the above embodiment further includes the following steps:
(1) Determine whether the size of the not-yet-decompressed data in the application program installation package is greater than or equal to the threshold; if it is greater than or equal to the threshold, execute step (2); further optionally, if it is less than the threshold, execute step (3);
(2) Read data whose size equals the threshold from the not-yet-decompressed data in the application program installation package; further optionally, execute step (4);
(3) Read the not-yet-decompressed data in the application program installation package; further optionally, execute step (5);
(4) Decompress the data in the application program installation package whose size equals the threshold.
Step (4) can be regarded as one concrete implementation of step 100 "decompress data not greater than a threshold in the application program installation package" in the above embodiment.
(5) Decompress the not-yet-decompressed data in the application program installation package whose size is less than the threshold.
Step (5) can also be regarded as another concrete implementation of step 100 "decompress data not greater than a threshold in the application program installation package" in the above embodiment.
Optionally, all the critical data obtained in the above embodiment can be stored in memory or in a cache, depending on the actual processing requirements. Alternatively, it can first be stored on disk and read into the cache or memory when the characteristic information of the application program installation package needs to be extracted from it. In the prior art the whole executable file must be analyzed to obtain the characteristic information of the application program installation package; in this embodiment the object of the extraction is all the critical data, whose total size is smaller than the size of the executable file. This effectively saves memory, shortens the time needed to extract the characteristic information of the application program installation package, and improves the efficiency of extracting it.
Optionally, the characteristic information of the application program installation package in the above embodiment includes at least one of a class name, a method name and a constant string. This characteristic information is compared with the characteristic information contained in the virus samples of a preset virus signature library, in order to determine whether the application program installation package is a rogue program or a virus file. The preset virus signature library can contain multiple virus samples, and each virus sample can contain at least one item of characteristic information. When the extracted characteristic information and the characteristic information contained in some virus sample in the virus signature library are all identical, the application program installation package can be considered a rogue program or a virus file; otherwise the application program installation package is a normal file. For details, refer to the related art; they are not repeated here.
With the method of the above embodiment, compared with the prior art, which obtains the characteristic information of the application program installation package from the whole executable file, the technical solution of this embodiment effectively reduces the memory occupied, shortens the time needed to extract the characteristic information of the application program installation package, and improves the efficiency of obtaining characteristic information from the application program installation package.
As the above embodiment shows, the method can be applied in virus scanning and removal: the characteristic information of the application program installation package is extracted, and the related art can then be used to determine, from the extracted characteristic information and the preset virus signature library, whether the application program installation package is a rogue program or a virus file. For details, refer to the related art; they are not repeated here.
Embodiment two
Fig. 2 is a flowchart of the method for extracting characteristic information of an application program installation package provided by Embodiment two of the present invention. As shown in Fig. 2, the method of this embodiment builds on the above embodiment and, in combination with its application scenario, describes the technical solution of the present invention in further detail. As before, the method of this embodiment is executed by a device for extracting characteristic information of an application program installation package. As shown in Fig. 2, the method of this embodiment can include the following steps:
200. Determine whether the size of the not-yet-decompressed data in the application program installation package is greater than or equal to a threshold; if it is greater than or equal to the threshold, execute step 201; otherwise, if it is less, execute step 203;
The threshold is a preset size. To reduce memory usage the threshold can be set small, so that an application program installation package will generally be larger than the threshold. In that case step 200 may be skipped and step 201 executed directly. However, so that smaller application program installation packages are not missed by detection, it is preferable to start from step 200.
201. Read data whose size equals the threshold from the not-yet-decompressed data of the application program installation package into memory; execute step 202;
202. In memory, decompress the data of the application program installation package whose size equals the threshold; execute step 205;
203. Read the not-yet-decompressed data in the application program installation package into memory; execute step 204;
204. In memory, decompress the not-yet-decompressed data of the application program installation package whose size is less than the threshold; execute step 205;
205. From the decompressed data obtained by the decompression, obtain the critical data that contains characteristic information of the application program installation package; execute step 206;
206. Determine whether the application program installation package has been completely decompressed; if decompression is complete, execute step 207; otherwise, execute step 200;
207. Parse all the critical data obtained once decompression is complete, and extract the characteristic information of the application program installation package from all the critical data.
For example, the characteristic information of the application program installation package includes at least one of a class name, a method name and a constant string.
With the above technical solution, the method of this embodiment keeps only the critical data in the decompressed data after each decompression, so the decompression process does not occupy a large amount of memory. The total size of all the critical data finally obtained in this embodiment is smaller than the size of the executable file in the application program installation package, and the characteristic information of the application program installation package only needs to be extracted from all the critical data obtained. Compared with the prior art, which obtains the characteristic information of the application program installation package from the whole executable file, the technical solution of this embodiment effectively reduces the memory occupied, shortens the time needed to extract the characteristic information of the application program installation package, and improves the efficiency of obtaining characteristic information from the application program installation package.
With reference to Embodiments one and two above, the embodiments of the present invention can also provide a method for extracting characteristic information from an apk file, which can be implemented with the method for extracting characteristic information of an application program installation package of the above embodiments. In this case the application program installation package is an apk file; for details, refer to the description of the related method embodiments above, which is not repeated here.
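The chunked flow of steps 200 to 207, together with the signature comparison described in Embodiment one, sketched as an added Python example (it is not code from the patent). It assumes the package is a ZIP with deflated entries, treats entries ending in .dex as the executable, and takes printable runs of at least MIN_STR bytes as the critical data; the sample package, the signature library and all function names are constructed for illustration.

```python
import hashlib
import io
import re
import struct
import zipfile
import zlib

THRESHOLD = 256  # compressed bytes read per round (the page suggests tens of KB)
MAX_OUT = 1024   # assumed cap on decompressed bytes returned per call (not on the page)
MIN_STR = 6      # assumed: printable runs this long count as "critical data"
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_STR)
SIGNATURE_DB = {  # constructed signature library: sample name -> required features
    "Demo.SmsFraud": {"Lcom/example/demo/SmsSender;", "sendPremiumSms"},
    "Demo.Dropper": {"Lcom/example/other/Dropper;"},
}

def _filler(n, seed):
    """Deterministic, poorly compressible, non-printable bytes (values 0..31)."""
    out = bytearray()
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += bytes(b & 0x1F for b in seed)
    return bytes(out[:n])

def build_sample_package():
    """Constructed sample: a ZIP standing in for an installation package."""
    exe = (_filler(700, b"a") + b"Lcom/example/demo/SmsSender;" + _filler(900, b"b")
           + b"sendPremiumSms" + _filler(800, b"c") + b"http://example.invalid/task")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("res/icon.png", _filler(3000, b"r"))
        z.writestr("AndroidManifest.xml", "<manifest package='com.example.demo'/>")
        z.writestr("classes.dex", exe)
    return buf.getvalue()

def iter_decompressed(pkg, info, threshold=THRESHOLD, max_out=MAX_OUT):
    """Steps 200-204: read at most `threshold` compressed bytes, inflate, repeat."""
    pkg.seek(info.header_offset)
    header = pkg.read(30)
    if header[:4] != b"PK\x03\x04" or info.compress_type != zipfile.ZIP_DEFLATED:
        raise ValueError("this sketch handles deflated ZIP entries only")
    name_len, extra_len = struct.unpack("<HH", header[26:30])
    pkg.seek(name_len + extra_len, io.SEEK_CUR)
    inflater = zlib.decompressobj(-zlib.MAX_WBITS)  # ZIP entries are raw deflate
    remaining = info.compress_size
    while remaining > 0:
        comp = pkg.read(min(threshold, remaining))
        if not comp:
            raise ValueError("truncated entry")
        remaining -= len(comp)
        while comp:  # max_out bounds memory even if the input expands heavily
            out = inflater.decompress(comp, max_out)
            comp = inflater.unconsumed_tail
            if out:
                yield out
    tail = inflater.flush()  # whatever is still buffered inside zlib
    if tail:
        yield tail

def collect_critical(chunks):
    """Step 205: keep only printable runs; a run cut by a chunk edge is carried over."""
    critical, carry, rounds, peak = [], b"", 0, 0
    for chunk in chunks:
        rounds, peak = rounds + 1, max(peak, len(chunk))
        data = carry + chunk
        cut = len(data)
        while cut and 0x20 <= data[cut - 1] <= 0x7E:
            cut -= 1  # data[cut:] is a printable run that may continue next round
        critical += PRINTABLE_RUN.findall(data[:cut])
        carry = data[cut:]  # everything else from this round is dropped
    if len(carry) >= MIN_STR:
        critical.append(carry)
    return critical, rounds, peak

def extract_features(package_bytes):
    """Steps 200-207 over the whole package; returns (features, rounds, peak chunk size)."""
    pkg = io.BytesIO(package_bytes)
    critical, rounds, peak = [], 0, 0
    with zipfile.ZipFile(pkg) as z:
        for info in z.infolist():
            # The ZIP directory already says which file the bytes belong to, so resource
            # and configuration entries are skipped instead of inflated and discarded.
            if not info.filename.endswith(".dex"):
                continue
            got, r, p = collect_critical(iter_decompressed(pkg, info))
            critical, rounds, peak = critical + got, rounds + r, max(peak, p)
    # Step 207: parse the retained critical data into features (here: decode the strings).
    return [c.decode("ascii") for c in critical], rounds, peak

def match_signatures(features):
    """A sample matches when every feature it lists was extracted (assumed reading)."""
    return sorted(n for n, sig in SIGNATURE_DB.items() if sig <= set(features))

if __name__ == "__main__":
    feats, rounds, peak = extract_features(build_sample_package())
    print(rounds, "rounds, peak chunk", peak, "bytes")
    print(feats, "->", match_signatures(feats))
```

A printable run is carried whole across rounds, so a hardened version would also cap the carry length to keep memory bounded on an executable that is mostly text.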
Embodiment three
Fig. 3 is a schematic structural diagram of the device for extracting characteristic information of an application program installation package provided by Embodiment three of the present invention. As shown in Fig. 3, the device of this embodiment comprises: a decompression module 10, an acquisition module 11, a control module 12 and an extraction module 13.
The decompression module 10 is configured to decompress data of no more than a threshold in the application program installation package. The acquisition module 11 is connected to the decompression module 10 and is configured to analyze the decompressed data obtained by the decompression module 10 and obtain the critical data that contains characteristic information. The control module 12 is connected to the decompression module 10 and the acquisition module 11 respectively, and is configured to control the decompression module 10 and the acquisition module 11 to repeat the corresponding operations until decompression of the application program installation package is finished and the acquisition module 11 has obtained all the critical data in the application program installation package, where the sum of the sizes of all the useful data is less than the size of the executable file in the application program installation package. The extraction module 13 is connected to the acquisition module 11 and is configured, after the control module 12 has controlled the processing of the decompression module 10 and the acquisition module 11, to parse all the critical data obtained by the acquisition module 11 and extract the characteristic information of the application program installation package from it.
The device of this embodiment extracts the characteristic information of the application program installation package by means of the above modules, using the same implementation mechanism as the related method embodiments above; for details, refer to the description of those embodiments, which is not repeated here.
By means of the above modules, the device of this embodiment decompresses data of no more than a threshold in the application program installation package and parses the decompressed data so obtained to obtain the critical data that contains characteristic information; these two steps are repeated until decompression of the application program installation package is finished and all the critical data in the package has been obtained, whereupon all the critical data is parsed and the characteristic information of the application program installation package is extracted from it. With the technical solution of this embodiment of the present invention, data of the threshold size can be decompressed in memory one portion at a time, and after each decompression the decompressed data is analyzed to obtain the critical data containing characteristic information, so the decompression process does not occupy a large amount of memory. Moreover, because only the critical data in the decompressed data is obtained after each decompression, and all the useful data is smaller than the executable file in the application program installation package, the characteristic information only needs to be extracted from the critical data obtained. Compared with the prior art, in which the characteristic information of an application program installation package is obtained from the whole executable file, the technical solution of this embodiment effectively reduces memory usage, shortens the time needed to extract the characteristic information, and improves the efficiency of obtaining characteristic information from the application program installation package.
Embodiment four
Fig. 4 shows the device for extracting characteristic information of an application program installation package provided by Embodiment four of the present invention. As shown in Fig. 4, the device of this embodiment builds on the embodiment shown in Fig. 3 and may further include the following technical solutions.
As shown in Fig. 4, the device of this embodiment further comprises a judging module 14 and a reading module 15.
The judging module 14 is configured to judge, before the decompression module 10 decompresses data of no more than the threshold size in the application program installation package, whether the size of the not-yet-decompressed data in the application program installation package is greater than or equal to the threshold. The reading module 15 is connected to the judging module 14 and is configured to read, if the judging module 14 determines that the size of the not-yet-decompressed data in the application program installation package is greater than or equal to the threshold, data whose size equals the threshold from the not-yet-decompressed data in the application program installation package. The decompression module 10 is connected to the reading module 15 and is specifically configured to decompress the data, of a size equal to the threshold, that the reading module 15 has read from the application program installation package.
Further optionally, the reading module 15 of the device of this embodiment is also configured to read, if the judging module 14 determines that the size of the not-yet-decompressed data in the application program installation package is less than the threshold, the not-yet-decompressed data in the application program installation package; the decompression module 10 is specifically configured to decompress the not-yet-decompressed data, of a size less than the threshold, that the reading module 15 has read from the application program installation package.
Further optionally, the application program installation package in the device of this embodiment is an apk file.
Further optionally, the characteristic information of the application program installation package in the device of this embodiment comprises at least one of a class name, a method name and a constant string.
Optionally, the device of this embodiment further comprises a threshold determination module, which is configured to preset the threshold or to determine the threshold according to the size of the application program installation package.
The device of the embodiment shown in Fig. 4 is described taking all the above optional technical solutions as an example; in practical applications, the above optional technical solutions may be combined in any feasible manner to form optional technical solutions of the embodiments of the present invention, which are not enumerated one by one here.
The device of this embodiment extracts the characteristic information of the application program installation package by means of the above modules, using the same implementation mechanism as the related method embodiments above; for details, refer to the description of those embodiments, which is not repeated here.
By adopting the above technical solution, and compared with the prior art, in which the characteristic information of an application program installation package is obtained from the whole executable file, the device of this embodiment effectively reduces memory usage, shortens the time needed to extract the characteristic information of the application program installation package, and improves the efficiency of obtaining characteristic information from the application program installation package.
Embodiment five
Fig. 5 is a schematic structural diagram of the client device provided by Embodiment five of the present invention. As shown in Fig. 5, the client device 20 of this embodiment includes a device 30 for extracting characteristic information of an application program installation package.
Specifically, the characteristic information extraction device 30 in the client device of this embodiment may be the device shown in Fig. 3 or Fig. 4 above, and may be implemented with the method of the embodiment shown in Fig. 1 or Fig. 2 above.
Optionally, a preset virus characteristic library may also be provided in the client device 20 of this embodiment. After the characteristic information extraction device 30 has extracted the characteristic information of the application program installation package, the client device 20 compares it with the characteristic information contained in the virus samples in the virus characteristic library, and thereby judges whether the application program installation package is a rogue program or a virus file. The preset virus characteristic library may contain a plurality of virus samples, and each virus sample may contain at least one piece of characteristic information. When the extracted characteristic information is identical to all the characteristic information contained in a virus sample in the virus characteristic library, the application program installation package may be considered a rogue program or a virus file; otherwise the application program installation package is a normal file. For details, refer to the related art, which is not repeated here.
Optionally, the client device of this embodiment comprises a mobile terminal, or may also comprise a fixed terminal. Further optionally, the client device of this embodiment comprises a mobile terminal on which the Android system is installed.
By adopting the above characteristic information extraction device, the client device of this embodiment decompresses data of no more than a threshold in the application program installation package and parses the decompressed data so obtained to obtain the critical data that contains characteristic information; these two steps are repeated until decompression of the application program installation package is finished and all the critical data in the package has been obtained, whereupon all the critical data is parsed and the characteristic information of the application program installation package is extracted from it. With the technical solution of this embodiment of the present invention, data of the threshold size can be decompressed in memory one portion at a time, and after each decompression the decompressed data is analyzed to obtain the critical data containing characteristic information, so the decompression process does not occupy a large amount of memory. Moreover, because only the critical data in the decompressed data is obtained after each decompression, and the sum of the sizes of all the critical data is less than the size of the executable file in the application program installation package, the characteristic information only needs to be extracted from the critical data obtained. Compared with the prior art, in which the characteristic information of an application program installation package is obtained from the whole executable file, the technical solution of this embodiment effectively reduces memory usage, shortens the time needed to extract the characteristic information of the application program installation package, and improves the efficiency of obtaining characteristic information from the application program installation package.
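The read/decompress loop of Embodiments three and four and the comparison against the virus characteristic library in Embodiment five can be sketched as follows. This is an added example, not code from the patent: the printable-string scan stands in for the patent's analysis step, "all identical" is read as every characteristic string of a virus sample being found, and the threshold value, the entry name `classes.dex`, the sample package and the signatures are constructed assumptions.

```python
import io
import random
import re
import struct
import zipfile
import zlib

THRESHOLD = 4096  # compressed bytes handled per round (assumed value)
MAX_CARRY = 512   # cap on an unfinished run carried into the next round
RUN = re.compile(rb"[\x20-\x7e]{6,}")  # printable runs of 6+ bytes (assumption)

VIRUS_DB = {  # constructed signatures, not real indicators
    "Constructed.SmsFraud": {"Lcom/example/pay/SmsSender;", "sendPremiumSms"},
    "Constructed.Wiper": {"Lcom/example/pay/SmsSender;", "wipeDevice"},
}


def rounds(apk, entry="classes.dex", threshold=THRESHOLD):
    """Yield the decompressed output of each round (<= threshold bytes read)."""
    with zipfile.ZipFile(apk) as zf:
        info = zf.getinfo(entry)
    if info.compress_type not in (zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED):
        raise ValueError("unsupported compression method")
    apk.seek(info.header_offset)
    header = apk.read(30)  # fixed part of the ZIP local file header
    if len(header) != 30 or header[:4] != b"PK\x03\x04":
        raise ValueError("bad local file header")
    name_len, extra_len = struct.unpack("<HH", header[26:30])
    apk.seek(info.header_offset + 30 + name_len + extra_len)
    stored = info.compress_type == zipfile.ZIP_STORED
    inflater = zlib.decompressobj(-zlib.MAX_WBITS)  # raw deflate, as in ZIP
    remaining = info.compress_size
    while remaining > 0:
        # Judging module: a full threshold if that much is left, else the rest.
        size = threshold if remaining >= threshold else remaining
        chunk = apk.read(size)  # reading module
        if len(chunk) != size:
            raise ValueError("archive is truncated")
        remaining -= size
        yield chunk if stored else inflater.decompress(chunk)
    if not stored:
        yield inflater.flush()


def critical_data(outputs):
    """Keep only printable runs (candidate names and strings) from each round."""
    kept, carry = set(), b""
    for out in outputs:
        buf = carry + out
        cut = len(buf)
        while cut > 0 and 0x20 <= buf[cut - 1] <= 0x7E:
            cut -= 1  # a run touching the end may continue in the next round
        kept.update(r.decode("ascii") for r in RUN.findall(buf[:cut]))
        carry = buf[cut:][-MAX_CARRY:]  # bounded, so memory stays small
    kept.update(r.decode("ascii") for r in RUN.findall(carry))
    return kept


def match(features, virus_db=VIRUS_DB):
    """Samples whose every characteristic string occurs in the extracted data."""
    return sorted(name for name, sigs in virus_db.items()
                  if all(any(sig in f for f in features) for sig in sigs))


def build_sample_apk():
    """Constructed input: a ZIP whose classes.dex is filler plus three strings."""
    rng = random.Random(7)
    filler = bytes(rng.getrandbits(8) for _ in range(18000))
    names = [b"Lcom/example/pay/SmsSender;", b"sendPremiumSms", b"onCreate"]
    dex = (b"dex\n035\x00" + filler[:9000] + b"\x00".join(names)
           + b"\x00" + filler[9000:])
    apk = io.BytesIO()
    with zipfile.ZipFile(apk, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", dex)
    return apk


def scan(apk, threshold=THRESHOLD):
    """Extract characteristic strings round by round, then compare."""
    return match(critical_data(rounds(apk, threshold=threshold)))
```

The threshold here bounds only the compressed input of a round; a small compressed slice can still inflate to a much larger buffer, and passing `max_length` to `decompress()` bounds the output side as well.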
It should be noted that when the device provided by the above embodiments extracts the characteristic information of an application program installation package, the division into the above functional modules is used only as an illustration; in practical applications, the above functions may be assigned to different functional modules as required, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the device provided by the above embodiments and the method embodiments for extracting the characteristic information of an application program installation package belong to the same concept; for the specific implementation process, see the method embodiments, which are not repeated here.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
A person of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be completed by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
The above are merely preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (10)
1. A method for extracting characteristic information of an application program installation package, characterized in that the method comprises:
decompressing data of no more than a threshold in the application program installation package;
analyzing the decompressed data obtained by the decompression, and obtaining the critical data that contains the characteristic information of the application program installation package;
repeating the above two steps until decompression of the application program installation package is finished and all the critical data in the application program installation package has been obtained, parsing all the critical data, and extracting the characteristic information of the application program installation package from all the critical data.
2. The method according to claim 1, characterized in that the threshold is a preset value or is determined according to the size of the application program installation package.
3. The method according to any one of claims 1-2, characterized in that the characteristic information of the application program installation package comprises at least one of a class name, a method name and a constant string.
4. A device for extracting characteristic information of an application program installation package, characterized in that the device comprises:
a decompression module, configured to decompress data of no more than a threshold in the application program installation package;
an acquisition module, configured to analyze the decompressed data obtained by the decompression module, and obtain the critical data that contains the characteristic information of the application program installation package;
a control module, configured to control the decompression module and the acquisition module to repeat the corresponding operations until decompression of the application program installation package is finished and the acquisition module has obtained all the critical data in the application program installation package;
an extraction module, configured to parse all the critical data, and extract the characteristic information of the application program installation package from all the critical data obtained by the acquisition module.
5. The device according to claim 4, characterized in that the device further comprises a threshold determination module:
the threshold determination module is configured to preset the threshold or to determine the threshold according to the size of the application program installation package.
6. The device according to claim 4 or 5, characterized in that the characteristic information of the application program installation package comprises at least one of a class name, a method name and a constant string.
7. A method for extracting characteristic information from an apk file, characterized in that it uses the method according to any one of claims 1-3.
8. A client device, characterized in that the client device includes the device for extracting characteristic information of an application program installation package according to any one of claims 4-6.
9. The device according to claim 8, characterized in that the client device comprises a mobile terminal.
10. The device according to claim 8, characterized in that the client device comprises a mobile terminal on which the Android system is installed.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210250545.9A CN102789506B (en) | 2012-07-19 | 2012-07-19 | Method and device for extracting characteristic information of application program installation package as well as client equipment |
KR1020147023000A KR101691948B1 (en) | 2012-07-19 | 2013-07-11 | Method, apparatus and client device for extracting signature information from application installation packages |
PCT/CN2013/079222 WO2014012459A1 (en) | 2012-07-19 | 2013-07-11 | Method, apparatus and client device for extracting signature information from application installation packages |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210250545.9A CN102789506B (en) | 2012-07-19 | 2012-07-19 | Method and device for extracting characteristic information of application program installation package as well as client equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102789506A (en) | 2012-11-21 |
CN102789506B (en) | 2014-09-24 |
Family
ID=47154909
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210250545.9A Active CN102789506B (en) | 2012-07-19 | 2012-07-19 | Method and device for extracting characteristic information of application program installation package as well as client equipment |
Country Status (3)
Country | Link |
---|---|
KR (1) | KR101691948B1 (en) |
CN (1) | CN102789506B (en) |
WO (1) | WO2014012459A1 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103279709A (en) * | 2012-12-28 | 2013-09-04 | 武汉安天信息技术有限责任公司 | Method and system for comprehensively detecting advertisement plug-in based on multi-features |
WO2013149569A1 (en) * | 2012-04-06 | 2013-10-10 | 腾讯科技(深圳)有限公司 | Installation package virus checking and killing method and device |
WO2014012459A1 (en) * | 2012-07-19 | 2014-01-23 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus and client device for extracting signature information from application installation packages |
WO2015196623A1 (en) * | 2014-06-25 | 2015-12-30 | 优视科技有限公司 | Incremental upgrade method and system for file |
CN105915623A (en) * | 2016-05-20 | 2016-08-31 | 努比亚技术有限公司 | Device and method of processing application installation package |
CN106599017A (en) * | 2016-10-20 | 2017-04-26 | 广州优视网络科技有限公司 | Method and device for scanning and resolving installation packages, and mobile terminal |
CN108804314A (en) * | 2018-05-23 | 2018-11-13 | 北京五八信息技术有限公司 | Installation kit test method, device, equipment and computer readable storage medium |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11436331B2 (en) | 2020-01-16 | 2022-09-06 | AVAST Software s.r.o. | Similarity hash for android executables |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102024025A (en) * | 2010-11-12 | 2011-04-20 | 电子科技大学 | Method for decompressing large-data-volume package in mobile rich media application |
CN102222183A (en) * | 2011-04-28 | 2011-10-19 | 奇智软件(北京)有限公司 | Mobile terminal software package safety detection method and system thereof |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101043299B1 (en) * | 2009-07-21 | 2011-06-22 | (주) 세인트 시큐리티 | Method, system and computer readable recording medium for detecting exploit code |
KR101161493B1 (en) * | 2010-01-18 | 2012-06-29 | (주)쉬프트웍스 | Method of Examining Malicious Codes and Dangerous Files in Android Terminal Platform |
KR20110138076A (en) * | 2010-06-18 | 2011-12-26 | 삼성전자주식회사 | Data storage device and write method thereof |
CN102789506B (en) * | 2012-07-19 | 2014-09-24 | 腾讯科技(深圳)有限公司 | Method and device for extracting characteristic information of application program installation package as well as client equipment |
2012
- 2012-07-19: CN application CN201210250545.9A, patent CN102789506B, status Active
2013
- 2013-07-11: KR application KR1020147023000A, patent KR101691948B1, status IP Right Grant
- 2013-07-11: WO application PCT/CN2013/079222, patent WO2014012459A1, status Application Filing
Non-Patent Citations (1)
Title |
---|
A. SHABTAI et al.: "Automated Static Code Analysis for Classifying Android Applications Using Machine Learning", 2010 International Conference on Computational Intelligence and Security, 11 December 2010 (2010-12-11), pages 329-333 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013149569A1 (en) * | 2012-04-06 | 2013-10-10 | 腾讯科技(深圳)有限公司 | Installation package virus checking and killing method and device |
WO2014012459A1 (en) * | 2012-07-19 | 2014-01-23 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus and client device for extracting signature information from application installation packages |
CN103279709A (en) * | 2012-12-28 | 2013-09-04 | 武汉安天信息技术有限责任公司 | Method and system for comprehensively detecting advertisement plug-in based on multi-features |
WO2015196623A1 (en) * | 2014-06-25 | 2015-12-30 | 优视科技有限公司 | Incremental upgrade method and system for file |
CN105205074A (en) * | 2014-06-25 | 2015-12-30 | 优视科技有限公司 | File increment upgrading method and system |
US9917697B2 (en) | 2014-06-25 | 2018-03-13 | Uc Mobile Co., Ltd. | Performing incremental upgrade on APK base file corresponding to APK eigenvalue value |
CN105205074B (en) * | 2014-06-25 | 2019-03-26 | 优视科技有限公司 | File increment upgrade method and system |
CN105915623A (en) * | 2016-05-20 | 2016-08-31 | 努比亚技术有限公司 | Device and method of processing application installation package |
CN106599017A (en) * | 2016-10-20 | 2017-04-26 | 广州优视网络科技有限公司 | Method and device for scanning and resolving installation packages, and mobile terminal |
CN108804314A (en) * | 2018-05-23 | 2018-11-13 | 北京五八信息技术有限公司 | Installation kit test method, device, equipment and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
KR20140114437A (en) | 2014-09-26 |
CN102789506B (en) | 2014-09-24 |
WO2014012459A1 (en) | 2014-01-23 |
KR101691948B1 (en) | 2017-01-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |