CN103473104B - Bag discriminating conduct is beaten again in a kind of application based on keyword context frequency matrix - Google Patents
Bag discriminating conduct is beaten again in a kind of application based on keyword context frequency matrix Download PDFInfo
- Publication number
- CN103473104B CN103473104B CN201310438444.9A CN201310438444A CN103473104B CN 103473104 B CN103473104 B CN 103473104B CN 201310438444 A CN201310438444 A CN 201310438444A CN 103473104 B CN103473104 B CN 103473104B
- Authority
- CN
- China
- Prior art keywords
- application program
- bag
- application
- key word
- smali
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Stored Programmes (AREA)
Abstract
Bag discriminating conduct is beaten again in a kind of application based on keyword context frequency matrix, it is applied to Android system, first correspond to process with program file, obtain smali code file then to smali code process, extract operator sequence, statistics key word information, each certain types of key word is constructed context-sensitive feature tlv triple and generates eigenmatrix based on context frequency, the eigenmatrix of application program is contrasted two-by-two, obtains the similarity of two application programs according to similar matrixes degree.Finally combine the contents such as author information and judge whether to beat again between application program bag relation.The technical scheme provided by the present invention, can differentiate with the Android application program of counterweight packing, avoid simultaneously and whole application program carries out the overhead that huge character string Hash processes;It is independent of original document binary code order;By the size of limited features matrix, reduce space expense;Improve Android application program and beat again the execution efficiency that bag differentiates.
Description
Technical field
The present invention relates to a kind of application based on keyword context frequency matrix and beat again bag discriminating conduct, be specifically related to a kind of in peace
Under Zhuo Pingtai, utilize application code key word frequency matrix, identify that the processing method of bag is beaten again in application.
Background technology
Android (Android) system is that Google develops and promotes, freedom based on Linux and the operation system of open source code
System, is mainly used for mobile device, such as smart mobile phone or panel computer.Android system is that current world market share is maximum
Cell phone operating system, the data from official show, the application program on Android system alreadys more than 975,000.
Generally, Android system application program is developed by third party developer and issues, and this just brings a problem, i.e. application to beat again
Bag.Application is beaten again bag and is referred to, some developer seizes, by different channels, the application that other developers issue, by decompiling,
The technology such as binary code pitching pile, existing application is modified (such as implant malicious code, revise developer's information,
Amendment authority, cracks etc. protected content), then repack, issue.This has just caused about copyright, safety, writes
Weigh, secret protection, the problems such as malicious code implantation.
Silvio Cesare and Yang Xiang summarizes some in " Software Similarity and Classification " book
About software similarity and the solution of cluster analysis: such as by string analysis, code text is carried out similarity-rough set,
And then draw the information of software similarity;And by code word frequency is added up, according to statistical result comparison software similarity.
But these solutions do not consider the special circumstances that mobile platform application is relevant.
2012, American South University of California Wu Zhou, Yajin Zhou et al. proposed another kind of solution (CODASPY ' 12
Paper): utilize and obscure salted hash Salted, extract application features, then utilize the fingerprint obscuring Hash generation application, then use
Roll salted hash Salted, fingerprint is generated as a characteristic vector, by the characteristic vector similarity-rough set of two application, it is judged that be
Bag problem beaten again by the no software that exists.The method needs to be analyzed all codes, complicated poor efficiency, and relies on code text order,
Cannot process by inserting dead code, Code obfuscation, function renaming, change the feelings that code is modified by code sequence etc.
Condition.
Summary of the invention
It is an object of the invention to provide a kind of new method so that in less expense, very fast time, to the some Androids provided
Application program carries out pretreatment, obtains an eigenmatrix based on keyword context frequency, by the meter to similar matrixes degree
Calculating, cluster, which obtains in these Android application programs is the information beating again bag application.
The principle of the present invention is: first corresponds to process with program file (apk file), obtains smali code file, smali
Code is a kind of intermediate representation of original application binaries code.Then to smali code process, operator sequence is extracted,
Statistics key word information, constructs context-sensitive feature tlv triple<K1, i, K2>to each certain types of key word, generates base
In the eigenmatrix of context frequency, the eigenmatrix of application program is contrasted two-by-two, obtain two according to similar matrixes degree
The similarity of application program.Finally combine the contents such as author information and judge whether to beat again between application program bag relation.
The technical scheme that the present invention provides is as follows:
Bag discriminating conduct is beaten again in a kind of application based on keyword context frequency matrix, is applied to Android system, it is characterized in that,
Comprise the steps (flow process sees Fig. 9):
A. application file is carried out pretreatment, binary code is converted to smali code file, extracts application program
Author's signing messages also constructs key word vector;
B. smali code file is processed, generate smali operator sequence;
C. keyword context frequency matrix is generated;
D. the similarity of application program keyword context frequency matrix is contrasted, it is judged that whether this application program attaches most importance to packing is applied.
Bag discriminating conduct is beaten again in described application, it is characterized in that, step A includes:
A1. the author's signing messages file in Android application program binary code file and META-INFO file is extracted;
A2. use existing instrument, binary code is converted to smali code file;
A3. use existing instrument, extract author's signature contents from corresponding document;
A4. structure key word vector.
Bag discriminating conduct is beaten again in described application, it is characterized in that, step B includes:
B1. the smali code file obtained in step A is processed, remove (mainly some advertisements of third party library file
Storehouse, the content such as social platform storehouse);
B2. the smali code file obtained in step B1 is processed, by other all letters beyond the operator in every statement
Breath is peeled off, and obtains the smali operator sequence of an application program.
Bag discriminating conduct is beaten again in described application, it is characterized in that, step C includes:
C1. structure keyword context frequency matrix Max;
C2. according to selected key word vector, to each key word, in the smali operator sequence that step B obtains
Occur each time, use hash algorithm, its K bar statement above and K bar statement hereafter are each mapped to integer K 1 He
K2, wherein, described key word is designated as i under correspondence in key word vector;
C3. eigenmatrix correspondence position Max [i] [K1] [K2] counting is increased.
Bag discriminating conduct is beaten again in described application, it is characterized in that, step D includes:
D1. to given Android application program, the similarity of its keyword context frequency matrix is calculated, in this, as standard,
Two Android application programs are compared two-by-two;
D2. the Similarity Measure result of keyword context frequency matrix is exceeded the Android application program cluster specifying threshold value, recognizes
There may be for the Android application program of this class and beat again bag problem;
D3. the author's signing messages obtained in integrating step A, the result of determination to step D2 carries out screening investigation further.
Bag discriminating conduct is beaten again in described application, it is characterized in that, in step D1, calculates its keyword context frequency matrix
The method of similarity is: set former application program (i.e. not beating again the original application program of bag) and the key of application program to be judged
Word context frequency matrix is respectively Max1, Max2, to each of two matrixes, respectively with Max1 [i] [j] [k] and
Max2 [i] [j] [k] represents, calculates minimum M in [i] [j] [k] of the two number, represents its similarity score with score,
score=200*ΣMin[i][j][k]/Σ(Max1[i][j][k]+Max2[i][j][k])。
Bag discriminating conduct is beaten again in described application, it is characterized in that, in step D2, described threshold value is 70.
Bag discriminating conduct is beaten again in described application, it is characterized in that, in step A4, selects the corresponding operator conduct that such as gives an order
Key word: transfer instruction, function call instruction, compare instruction, statement class instruction, operational order, transmission instruct, dish out different
Often instruction.
Bag discriminating conduct is beaten again in described application, it is characterized in that, in step A4, selects following operator as key word: if,
goto、invoke_virtual、invoke_static、invoke_direct、add-int/lit8、move_result_object、new-array、
const/4、const/16、const-string、throw、new-instance、cmpl-float、and-int/lit1。
Beneficial effects of the present invention: utilize the technical scheme that the present invention provides, can sentence with the Android application program of counterweight packing
, do not avoid simultaneously whole application program is carried out the overhead that huge character string Hash processes;It is independent of original document two to enter
Code sequence processed;By the size of limited features matrix, reduce space expense;Improve Android application program and beat again what bag differentiated
Execution efficiency.
Accompanying drawing explanation
The application program pretreatment process of Fig. 1 present invention.
The generation smali operator sequence flow of Fig. 2 present invention.
The generation keyword context frequency matrix flow process of Fig. 3 present invention.
The inclusion fruit of beating again of Fig. 4 present invention judges flow process.
The application program that Fig. 5 embodiment of the present invention provides locates flow chart in advance.
The generation smali operator sequence flow figure that Fig. 6 embodiment of the present invention provides.
The generation keyword context frequency matrix flow chart that Fig. 7 embodiment of the present invention provides.
What Fig. 8 embodiment of the present invention provided beats again inclusion fruit decision flow chart.
The flow chart of Fig. 9 the method for the invention.
Detailed description of the invention
The detailed description of the invention of the present invention is as follows:
A., when application file is carried out pretreatment, perform to operate as follows:
A1. the author's signing messages file in Android application program binary code file and META-INFO file is extracted;
A2. existing instrument, such as backsmali(https are used: //code.google.com/p/smali/), by binary code (.dex
File) be converted to smali code file;
A3. existing instrument, such as keytool(JDK(Java Development Kit are used) developer component instrument), from accordingly
File (CERT.RSA) extracts author's signature contents;
A4. structure key word vector, the selection gist of key word is, chooses the statement occurring that frequency ratio is higher;Key word is at language
The most significantly repeat in justice, i.e. keyword set can cover the statement of difference in functionality;Choose the most important instruction,
Such as operational order, function call instruction etc..
B. generating smali operator Sequence, performing to operate as follows:
B1. the smali code file obtained step A2 processes, and removes third party library file, mainly some advertisement base,
Such as Admob, AirPush, LeadBolt, InMobi etc., social platform storehouse, such as Facebook, OpenFeint, HeyZap
Deng, and the third party library that other exploitations are used;
B2. the smali code file obtained step B1 processes, by other all information beyond the operator in every statement
Peeling off, these other information include operand, and some other indications, and such as ' # ', '. ' etc., obtaining one should
By the smali operator sequence of program.
C. generating keyword context frequency matrix part, performing to operate as follows:
C1. structure keyword context frequency matrix Max, this is a three-dimensional matrice, and size is sz_kv*sz_hash*
Sz_hash, wherein sz_kv is the size of selected key word vector, and sz_hash is the hash algorithm result taked in step C2
Span size, each of Max is initialized as 0;
C2. according to selected key word vector, to each key word (being designated as i under correspondence in key word vector) in step
Appearance each time in the smali operator sequence that B2 obtains, uses specific hash algorithm, by its K(K above for making by oneself
One integer of justice) bar statement and K bar statement hereafter be each mapped to integer K 1 and K2;
C3. eigenmatrix correspondence position Max [i] [K1] [K2] counting is increased.
D., when beating again inclusion fruit and judging, perform to operate as follows:
D1. to given Android application program, special algorithm is used to calculate the similarity of its keyword context frequency matrix, with
Two Android application programs, as standard, are compared by two-by-two;Here the similarity of keyword context frequency matrix is compared
Algorithm be, if two matrixes are respectively Max1, Max2, to each of two matrixes, respectively with Max1 [i] [j] [k] and
Max2 [i] [j] [k] represents, calculates minimum M in [i] [j] [k] of the two number, represents its similarity score with score,
score=200*ΣMin[i][j][k]/Σ(Max1[i][j][k]+Max2[i][j][k]);
D2. the Similarity Measure result (i.e. score in step D1) of keyword context frequency matrix is exceeded certain threshold value
Android application program clusters, rule of thumb property result, and threshold value is elected as when 70 optimum, it is believed that the Android application program of this class may
Exist and beat again bag problem.
D3. author's signing messages that integrating step A3 obtains, the result to step D2 carries out screening investigation, Zuo Zhexin further
Manner of breathing similar application program together is usually the different editions of same application, is not belonging to beat again bag application, and author information is not
Same similar application program is then judged as beating again bag application program.
Below by example, the present invention will be further described.
Embodiment 1:
Assuming that an Android application program, its Chinese name is " automatic desktop Photo Filter ", needs to detect it and whether is one and beats again
Bag application, its program bag entitled AutodeskzhaopianlvjingPixlr_o_matic_V2.2.1_mumayi_ac32a. apk.
A. the flow process of pretreatment comprises the steps:
A1. after being decompressed by apk program bag, can obtain some files and file, wherein class.dex file is application journey
The binary code file of sequence, the CERT.RSA file under META-INFO file is the signing messages of author;
A2. use backsmali instrument, class.dex file be converted to smali code file, a file can be generated,
Including multiple .smali files;
A3. use keytool instrument, extract author's signature contents from CERT.RSA, input keytool-printcert-file
CERT.RSA order, can obtain some information about application program, including the owner, and publisher, serial number, effectively
Phase and certificate fingerprint.
A4. structure key word vector, the some rules of thumb obtained according to experiment, we select following 15 operators as pass
Key word, be respectively if, goto, invoke_virtual, invoke_static, invoke_direct, add-int/lit8, move_result_object,
New-array, const/4, const/16, const-string, throw, new-instance, cmpl-float, and-int/lit1, this
15 operators represent multiple instruction, including transfer instruction, function call instruction, compare instruction, statement class instruction, computing
Instruction, transmission instruction, throw exception instruction, a subscript of each operator correspondence keyword vector;
B. generate smali operator sequence flow, comprise the steps:
B1. the smali code file obtained pretreatment processes, and removes in third party library file, such as this apk and comprises admob
Advertisement base, then delete corresponding all smali files;
B2. the smali code file obtained B1 processes, and other all information beyond the operator in every statement is peeled off,
These other information include operand, and some other indications, such as ' # ', '. ' etc., obtain an application program
Smali operator sequence.In smali file, the form of every statement is " operator operand ", and operand is concrete operations
Variable name or the name of depositor, can be automatically performed by the way of string processing, after this step, obtain one
Smali operator sequence text, each of which row is an operator, the key word that some of which operator may be selected with us
Coupling.
C. generate keyword context frequency matrix flow process, comprise the steps:
C1. structure keyword context frequency matrix Max, this is a three-dimensional matrice, and size is sz_kv*sz_hash*sz_hash,
Wherein sz_kv is the size of selected key word vector, it has been determined that be 15, and sz_hash is the hash algorithm knot taked in next step
The span size of fruit, rule of thumb property result, is set to 67, and each of Max is initialized as 0;
C2. according to selected key word vector, to each key word (being designated as i under correspondence in key word vector) in previous step
Appearance each time in the smali operator sequence obtained, (BKDRHash algorithm sees to use BKDRHash algorithm
http://www.nocow.cn/index.php/BKDRHash;Here other character string hash algorithm can also be used, as
ELFHASH, SDBMHash, RSHash etc.), its K bar statement above and K bar statement hereafter are each mapped to
Integer K 1 and K2, such as, according to string matching, detect the key word invoke-static of corresponding key word vector subscript i=3
Once appearance, its context is following job sequence,
line
try_start_0
iget_object
invoke-static
move-result-object
const-string
invoke-virtual;
According to BKDRHash algorithm, respectively context is done hash computing, obtains K1=17, K2=33;
C3. increase eigenmatrix correspondence position Max [i] [K1] [K2] counting, in the present example, perform Max [3] [17] [33] ++
Operation.
D. beat again inclusion fruit and judge flow process, perform to operate as follows:
D1. to given Android application program, special algorithm is used to calculate the similarity of its keyword context frequency matrix, with
Two Android application programs, as standard, are compared by two-by-two, it is assumed that according to similar step above, we obtain
Autodeskzhaopiantexiaochulihanhuaban_Pixlr_o_matic_V2.1. this application program of 2_mumayi_1f341.apk
And the key word of AutodeskzhaopianlvjingPixlr_o_matic_V2.2.1_mumayi_ac32a. this application program of apk
Context frequency matrix, if two matrixes are respectively Max1, Max2, to two matrixes each, respectively with Max1 [i] [j] [k]
Represent with Max2 [i] [j] [k], calculate minimum M in [i] [j] [k] of the two number, represent its similarity score with score,
Score=200* Σ Min [i] [j] [k]/Σ (Max1 [i] [j] [k]+Max2 [i] [j] [k]), according to computing, score=86.8871;
D2. by the Similarity Measure result of keyword context frequency matrix, i.e. score in step D1, certain threshold value is exceeded
Android application program cluster, rule of thumb property result, optimum when threshold value elects 70 as, 86.8871 are more than 70 here, therefore sentence
Disconnected the two Android application program there may be beats again bag problem.
D3. combine the author's signing messages being previously obtained, further result is carried out screening investigation, finds the two application program
Author information different, further determine that the two application program is attached most importance to packing application program.
Claims (10)
1. a bag discriminating conduct is beaten again in application based on keyword context frequency matrix, is applied to Android system, it is characterized in that,
Comprise the steps:
A. application file is carried out pretreatment, binary code is converted to smali code file, the journey of extraction application simultaneously
Author's signing messages of sequence, Structural application program key word vector, the selection gist of key word is, chooses the language that the frequency of occurrences is high
Sentence;Key word is the most significantly repeating, i.e. keyword set covers the statement of difference in functionality;Choose semantically significant
Instruction;
B. smali code file is processed, generate smali operator sequence;
C. keyword context frequency matrix is generated;
D. the similarity of application program keyword context frequency matrix is contrasted, it is judged that whether this application program attaches most importance to packing is applied.
2. bag discriminating conduct is beaten again in application as claimed in claim 1, it is characterized in that, step A includes:
A1. the author's signing messages file in Android application program binary code file and META-INFO file is extracted;
A2. use existing instrument, binary code is converted to smali code file;
A3. use existing instrument, extract author's signature contents from corresponding document;
A4. Structural application program key word vector.
3. bag discriminating conduct is beaten again in application as claimed in claim 1, it is characterized in that, step B includes:
B1. the smali code file obtained in step A is processed, remove third party library file;
B2. the smali code file obtained in step B1 is processed, by other all letters beyond the operator in every statement
Breath is peeled off, and obtains the smali operator sequence of an application program.
4. bag discriminating conduct is beaten again in application as claimed in claim 1, it is characterized in that, step C includes:
C1. structure keyword context frequency matrix Max;
C2. according to selected key word vector, to each key word, in the smali operator sequence that step B obtains
Occur each time, use hash algorithm, its K bar statement above and K bar statement hereafter are each mapped to integer K 1 He
K2, wherein, described key word is designated as i under correspondence in key word vector;
C3. eigenmatrix correspondence position Max [i] [K1] [K2] counting is increased.
5. bag discriminating conduct is beaten again in application as claimed in claim 1, it is characterized in that, step D includes:
D1. to given Android application program, the similarity of its keyword context frequency matrix is calculated, in this, as standard,
Two Android application programs are compared two-by-two;
D2. the Similarity Measure result of keyword context frequency matrix is exceeded the Android application program cluster specifying threshold value, recognizes
There may be for the Android application program of this class and beat again bag problem.
6. bag discriminating conduct is beaten again in application as claimed in claim 5, it is characterized in that, step D farther includes:
D3. the author's signing messages obtained in integrating step A, the result of determination to step D2 carries out screening investigation further.
7. bag discriminating conduct is beaten again in application as claimed in claim 5, it is characterized in that, in step D1, calculates on its key word
Hereafter the method for the similarity of frequency matrix is: set the keyword context frequency square of former application program and application program to be judged
Battle array is respectively Max1, Max2, to each of two matrixes, represents with Max1 [i] [j] [k] and Max2 [i] [j] [k] respectively, counts
Calculate minimum M in [i] [j] [k] of the two number, represent its similarity score, score=200* Σ Min [i] [j] [k]/Σ with score
(Max1[i][j][k]+Max2[i][j][k])。
8. bag discriminating conduct is beaten again in application as claimed in claim 5, it is characterized in that, in step D2, described threshold value is 70.
9. bag discriminating conduct is beaten again in application as claimed in claim 2, it is characterized in that, in step A4, it is right that selection such as gives an order
The operator answered is as key word: transfer instruction, function call instruction, compare instruction, statement class instruction, operational order, biography
Send instruction, throw exception instruction.
10. bag discriminating conduct is beaten again in application as claimed in claim 2, it is characterized in that, in step A4, selects following operation
Symbol as key word: if, goto, invoke_virtual, invoke_static, invoke_direct, add-int/lit8,
move_result_object、new-array、const/4、const/16、const-string、throw、new-instance、cmpl-float、
and-int/lit1。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310438444.9A CN103473104B (en) | 2013-09-24 | 2013-09-24 | Bag discriminating conduct is beaten again in a kind of application based on keyword context frequency matrix |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310438444.9A CN103473104B (en) | 2013-09-24 | 2013-09-24 | Bag discriminating conduct is beaten again in a kind of application based on keyword context frequency matrix |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103473104A CN103473104A (en) | 2013-12-25 |
CN103473104B true CN103473104B (en) | 2016-10-05 |
Family
ID=49797973
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310438444.9A Active CN103473104B (en) | 2013-09-24 | 2013-09-24 | Bag discriminating conduct is beaten again in a kind of application based on keyword context frequency matrix |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103473104B (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104123493B (en) * | 2014-07-31 | 2017-09-26 | 百度在线网络技术(北京)有限公司 | The safety detecting method and device of application program |
CN104317599B (en) * | 2014-10-30 | 2017-06-20 | 北京奇虎科技有限公司 | Whether detection installation kit is by the method and apparatus of secondary packing |
CN106469259B (en) * | 2015-08-19 | 2019-07-23 | 北京金山安全软件有限公司 | Method and device for determining whether application program is legal application program or not and electronic equipment |
CN105389508B (en) * | 2015-11-10 | 2018-02-16 | 工业和信息化部电信研究院 | A kind of Android beats again the detection method and device of bag application |
CN107480219A (en) * | 2017-07-31 | 2017-12-15 | 北京微影时代科技有限公司 | Information processing method, device, electronic equipment and computer-readable recording medium |
CN108170664B (en) * | 2017-11-29 | 2021-04-09 | 有米科技股份有限公司 | Key word expansion method and device based on key words |
CN109117164B (en) * | 2018-06-22 | 2020-08-25 | 北京大学 | Micro-service updating method and system based on difference analysis of key elements |
CN110659064B (en) * | 2019-09-11 | 2022-09-13 | 无锡江南计算技术研究所 | Search pruning optimization method based on feature element information |
CN110795530B (en) * | 2019-09-11 | 2022-10-04 | 无锡江南计算技术研究所 | Context-based value feature extraction system and method |
CN111651193A (en) * | 2020-06-03 | 2020-09-11 | 上海米哈游天命科技有限公司 | Information packaging method, device, equipment and medium |
CN113656810A (en) * | 2021-07-16 | 2021-11-16 | 五八同城信息技术有限公司 | Application program encryption method and device, electronic equipment and storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
SG182015A1 (en) * | 2010-12-14 | 2012-07-30 | C3S Pte Ltd | Method and system for protecting intellectual property in software |
-
2013
- 2013-09-24 CN CN201310438444.9A patent/CN103473104B/en active Active
Non-Patent Citations (2)
Title |
---|
Detecting repackaged smartphone applications in third-party android marketplaces;Wu Zhou,el;《ACM:Proceedings of the second ACM conference on Data and Application Security and Privacy》;20120207;317-326 * |
Matrix-based android UI development;Song Zengbin;Huang Jin;Wu Guangxu;《IEEE:Computer Science and Information Processing(CSIP),2012 International Conference》;20120824;185-187 * |
Also Published As
Publication number | Publication date |
---|---|
CN103473104A (en) | 2013-12-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103473104B (en) | Bag discriminating conduct is beaten again in a kind of application based on keyword context frequency matrix | |
Yen et al. | An Android mutation malware detection based on deep learning using visualization of importance from codes | |
Nguyen et al. | Auto-detection of sophisticated malware using lazy-binding control flow graph and deep learning | |
CN103761475B (en) | Method and device for detecting malicious code in intelligent terminal | |
US8850581B2 (en) | Identification of malware detection signature candidate code | |
CN104123493B (en) | The safety detecting method and device of application program | |
CN102567661B (en) | Program recognition method and device based on machine learning | |
Devesa et al. | Automatic behaviour-based analysis and classification system for malware detection | |
CN108985064B (en) | Method and device for identifying malicious document | |
CN105205397B (en) | Rogue program sample sorting technique and device | |
US10394579B2 (en) | Automatically fixing inaccessible widgets during mobile application execution | |
RU91213U1 (en) | SYSTEM OF AUTOMATIC COMPOSITION OF DESCRIPTION AND CLUSTERING OF VARIOUS, INCLUDING AND MALIMENTAL OBJECTS | |
CN105653984B (en) | File fingerprint method of calibration and device | |
CN103473346A (en) | Android re-packed application detection method based on application programming interface | |
CN103853979A (en) | Program identification method and device based on machine learning | |
WO2014049504A1 (en) | Detecting malicious advertisements using source code analysis | |
Nguyen et al. | Detecting repackaged android applications using perceptual hashing | |
CN104462990A (en) | Character string decrypting and encrypting method and device | |
Kazi et al. | Hidden Markov models for software piracy detection | |
Kang et al. | A study on variant malware detection techniques using static and dynamic features | |
Chen et al. | Malware classification using static disassembly and machine learning | |
Shu et al. | Android malware detection methods based on convolutional neural network: A survey | |
Mai et al. | MobileNet-Based IoT Malware Detection with Opcode Features | |
CN116167057B (en) | Code dynamic safe loading method and device based on key code semantic detection | |
Korkin et al. | Acceleration of statistical detection of zero-day malware in the memory dump using CUDA-enabled GPU hardware |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20131225 Assignee: Green Hin technology development (Beijing) Co., Ltd. Assignor: Peking University Contract record no.: 2017990000291 Denomination of invention: Method for discriminating re-package of application based on keyword context frequency matrix Granted publication date: 20161005 License type: Common License Record date: 20170719 |