CN103473346A - Android re-packed application detection method based on application programming interface - Google Patents

Info

Publication number: CN103473346A
Authority: CN (China)
Prior art keywords: application, file, android, programming interface, detection method
Legal status: Granted
Application number: CN2013104386478A
Other languages: Chinese (zh)
Other versions: CN103473346B (en)
Inventors: 郭耀, 马子昂, 王浩宇, 陈向群
Current Assignee: Peking University
Original Assignee: Peking University
Priority date: 2013-09-24
Filing date: 2013-09-24
Publication date: 2013-12-25
Application filed by Peking University
Priority to CN201310438647.8A
Publication of CN103473346A
Application granted
Publication of CN103473346B
Status: Active

Abstract

The invention relates to an Android repackaged-application detection method based on application programming interfaces. The method comprises the following steps: first, processing an application program file to obtain smali code files; for each folder, extracting the usage of Android application programming interfaces from the smali code and counting frequency information; clustering by comparing the folders with one another, and treating folders with a high degree of similarity and many repetitions as third-party libraries; after removing the interference of third-party libraries, clustering application files with a high degree of similarity, taking the application file as the unit; finally, combining the author's signature information to judge whether a repackaging relationship exists between applications. With the technical scheme provided by the invention, repackaged applications can be detected automatically at the scale of a large application market, with very high efficiency and accuracy.

Description

Android repackaged-application detection method based on application programming interfaces
Technical field
The present invention relates to a repackaged-application detection method based on application programming interfaces, and specifically to a method that, on the Android platform, uses the frequency with which key application programming interfaces are used in application code to filter out third-party libraries and detect repackaged applications.
Background
In recent years, mobile devices (for example smartphones and tablets) have developed very rapidly. The Android platform holds the largest share of the smart mobile market; according to statistics, more than 1,300,000 mobile devices running Android are activated every day. As mobile devices have become popular and widespread, a large number of mobile applications have emerged. As of February 2013, Google's official market held more than 800,000 Android mobile applications. These applications not only extend the functions of mobile devices but also greatly enrich the user experience. Users have gradually become accustomed to using all kinds of applications for entertainment and work, and smart mobile devices and mobile applications have become an indispensable part of people's lives.
Because the Android system is open, users can download and install applications not only from Google's official market but also from any third-party market, and even from websites and forums. Likewise, application developers can submit applications to any third-party market for users to download. For the manager of an application market, therefore, only by managing the quality of the applications in the market and providing a good market environment can more users and developers be attracted.
However, Android applications are easy to crack, and many open-source decompilation tools are currently available. A malicious developer can therefore easily crack a legitimate application in an application market, modify its code, repackage it and publish it in a market. Paid applications can be cracked and then released for free, and a malicious developer can also replace the advertising library in the original application for profit. More seriously, a malicious developer can implant malicious code into a legitimate application and then release it, infecting more users in this way. Repackaging not only infringes the interests of developers but also seriously threatens users' security and privacy.
The manager of an application market needs to control the quality of the applications in the market, and to detect and remove these potential threats. Detecting repackaged applications in an application market is, however, very difficult. On the one hand, most of the time the manager can only judge whether an application is repackaged by manual comparison, and in many cases manual comparison does not yield a correct result either; for example, a repackaged application may bundle several functionally different applications, or may contain malware. On the other hand, given the massive number of applications in an application market, manual repackaging detection is unreliable and does not scale. Repackaging detection at application-market scale therefore needs an automated system.
Wu Zhou et al. proposed repackaging detection at the Dalvik bytecode level ("DroidMOSS: Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces", CODASPY '12). DroidMOSS extracts the opcode sequence from the Dalvik bytecode, uses fuzzy hashing to generate a fingerprint for each application as its feature, and obtains the similarity of applications by comparing the edit distance between their fingerprints. Similarly, Steve Hanna et al. proposed Juxtapp ("Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications", DIMVA '12), which uses feature hashing to generate fingerprints for applications and takes the Jaccard distance between them as the basis for judging repackaging. DroidMOSS and Juxtapp both extract static feature information from the Dalvik bytecode and use different hashing techniques to represent this static information as vectors for comparison. The advantage of this approach is that it is simple and fast and extends easily to comparisons across large numbers of applications. But a repackaged application can easily evade this kind of check: even the simplest changes, such as reordering code or adding and deleting opcodes, change the application's fingerprint and cause the detection method to fail.
Jonathan Crussell et al. proposed DNADroid ("Attack of the Clones: Detecting Cloned Applications on Android Markets", ESORICS '12), which detects repackaged applications by comparing the program dependence graphs (PDGs) of applications. Detection based on program dependence graphs is a method commonly used in code clone detection. It uses the semantic information of the program, so its detection accuracy should be higher. But the execution efficiency of PDG-based detection is a problem. In DNADroid, the authors ran repackaging detection on four machines using the Hadoop MapReduce parallel computing framework, yet on average only 0.71 application pairs could be compared per minute. The scalability of this method is therefore low, and it is difficult to apply to detection across the hundreds of thousands of applications at application-market scale.
In summary, existing repackaging detection methods have two main problems:
1) The third-party library code used in Android applications interferes heavily with repackaging detection. Most existing approaches filter out third-party library code by building a whitelist of third-party libraries. But because most existing applications have undergone code obfuscation, this approach is ineffective for obfuscated applications.
2) The system must be highly scalable while guaranteeing accuracy. This requires the detection method to have a low false-positive rate and a high recall, to take into account code changes, additions and deletions at different levels, and to detect repackaged applications quickly among a massive number of applications. Existing methods do not achieve this.
Summary of the invention
The purpose of the present invention is to provide a new method that, at low cost and in a short time, preprocesses a given set of Android applications to obtain feature vectors describing their use of application programming interfaces, computes similarity, performs clustering, removes third-party libraries, and determines which of these Android applications are repackaged.
The principle of the present invention is as follows. First, the application file (apk file) is processed to obtain smali code files; smali code is an intermediate representation of the original application's binary code. The smali files obtained are organized according to the original folder hierarchy; for each folder, the usage of Android application programming interfaces is extracted from the smali code and frequency information is counted. Folders are then compared with one another and clustered, and folders with high similarity and many repetitions are regarded as third-party libraries. After the interference of third-party libraries is removed, applications with high similarity are clustered, taking the application file as the unit. Finally, combined with the author's signature information, it is judged whether a repackaging relationship exists between applications.
The technical scheme provided by the invention is as follows:
An Android repackaged-application detection method based on application programming interfaces, applicable to detecting applications on the Android platform, characterized by comprising the following steps (see Fig. 1 for the flow):
A. Preprocess the application file: convert the binary code into structured smali code files and extract the application's author signature information;
B. Process the smali code files: taking the folder as the unit, extract which Android application programming interfaces are called and the corresponding call counts, and form feature vectors;
C. Compute the similarity of the feature vectors of different folders, perform clustering, and remove third-party libraries;
D. Compute the feature vector of each application, again from its application programming interface usage, compare the similarity of the applications' feature vectors, cluster, and judge which applications are repackaged.
The Android repackaged-application detection method is characterized in that step A comprises:
A1. Extract the Android application's binary code file and the author signature information file in the META-INFO folder;
A2. Use an existing tool to convert the binary code into smali code files;
A3. Use an existing tool to extract the author's signature content from the corresponding file.
The Android repackaged-application detection method is characterized in that step B comprises:
B1. Process the smali code files obtained in step A: read the contents of the smali files, match them with regular expressions to separate application programming interface functions from the remaining information, and tally the results, taking the folder as the unit;
B2. Convert the application programming interface data obtained in step B1 into feature vectors in Euclidean space, which are easy for a program to recognize and operate on.
The Android repackaged-application detection method is characterized in that step C comprises:
C1. Compute the vector distance between every two folders. Suppose the similarity of folder a and folder b is to be compared. First obtain the feature vectors of a and b through step B, denoted α and β respectively. In Euclidean space, if α has a value on some dimension and β has no value on that dimension, β is padded with 0 on that dimension, and vice versa. For α and β, the vector distance is computed with the following formula:
$$\mathrm{distance} = \frac{\sum_{i=1}^{n} |\alpha + \beta|}{\mathrm{Sum}(\alpha) + \mathrm{Sum}(\beta)},$$
where n is the dimension of α and β.
C2. According to the vector distance, determine a threshold and perform clustering. Among the resulting classes, those that occur more often are regarded as folders belonging to third-party libraries and are removed from the computation in step D.
The Android repackaged-application detection method is characterized in that step D comprises:
D1. From the per-folder feature vectors, take the feature vectors of the folders that were not filtered out as third-party libraries and add them up to form the feature vector of each application.
D2. Using the formula given in C1, compute the distance between every pair of applications and, based on it, apply a clustering algorithm so that applications whose distance is below a certain threshold are grouped into one class.
D3. For applications in the same class from step D2, examine their author information. If applications in the same class have different author signatures, the two applications are determined to have a repackaging relationship.
The Android repackaged-application detection method is characterized in that the threshold determined in step C2 is 0.05.
The Android repackaged-application detection method is characterized in that the threshold determined in step D2 is 0.1.
Beneficial effects of the present invention: with the technical scheme provided by the invention, repackaged applications can be detected automatically at the scale of a large application market, with very high efficiency and accuracy.
Brief description of the drawings
Fig. 1 is the overall flowchart of the method of the invention.
Fig. 2 is the flowchart of application preprocessing of the invention.
Fig. 3 is the flowchart of computing feature vectors of the invention.
Fig. 4 is the flowchart of filtering third-party libraries of the invention.
Fig. 5 is the flowchart of repackaging judgment of the invention.
Fig. 6 is the flowchart of application preprocessing provided by the embodiment of the invention.
Fig. 7 is the flowchart of computing feature vectors provided by the embodiment of the invention.
Fig. 8 is the flowchart of filtering third-party libraries provided by the embodiment of the invention.
Fig. 9 is the flowchart of repackaging judgment provided by the embodiment of the invention.
Detailed description
The specific implementation of the present invention is as follows:
A. When preprocessing the application file, perform the following operations (as shown in Fig. 2):
A1. Use an existing tool, for example keytool (a developer tool in the JDK (Java Development Kit)), to extract the author's signature content from the corresponding apk file;
A2. Use an existing tool, for example apktool (https://code.google.com/apktool/), to extract the compressed binary code in the apk package and convert it into smali code files.
B. When processing the smali files to form feature vectors, perform the following operations (as shown in Fig. 3):
B1. Process the smali code files obtained in step A2: read the contents of the smali files, match them with regular expressions to separate application programming interface functions from other information, and tally the results, taking the folder as the unit.
B2. Convert the application programming interface data obtained in step B1 into Euclidean-space feature vectors that are easy for a program to recognize and operate on.
C. When computing the similarity of the feature vectors of different folders, clustering, and removing third-party libraries, perform the following operations (as shown in Fig. 4):
C1. Compute the vector distance between every two folders. Suppose the similarity of folder a and folder b is to be compared. First obtain the feature vectors of a and b through step B, denoted α and β respectively. In Euclidean space, if α has a value on some dimension and β has no value on that dimension, β is padded with 0 on that dimension, and vice versa. For α and β, the vector distance is computed with the following formula:
$$\mathrm{distance} = \frac{\sum_{i=1}^{n} |\alpha + \beta|}{\mathrm{Sum}(\alpha) + \mathrm{Sum}(\beta)},$$
where n is the dimension of α and β.
C2. According to the distance between feature vectors, determine a threshold and perform clustering. Among the resulting classes, those that occur more often are regarded as third-party libraries and are removed from the computation in step D.
D. When computing the feature vector of each application, again from its application programming interface usage, comparing the similarity of the applications' feature vectors, clustering, and judging which applications are repackaged, perform the following operations (as shown in Fig. 5):
D1. From the per-folder feature vectors, take the feature vectors of the folders that were not filtered out as third-party libraries and add them up to form the feature vector of each application.
D2. Using the formula given in C1, compute the distance between every pair of applications and, based on it, apply a clustering algorithm so that applications whose distance is below a certain threshold are grouped into one class.
D3. For applications in the same class from step D2, examine their author information. If applications in the same class have different author signatures, the two applications are determined to have a repackaging relationship.
The invention is further described below by way of example.
Embodiment 1:
Suppose there are 1000 Android apk installation packages, and the software with repackaging relationships needs to be found among them. The files are named 1.apk, 2.apk, and so on up to 1000.apk.
A. The preprocessing flow comprises the following steps (as shown in Fig. 6):
A1. For any apk file, such as 1.apk, the open-source keytool tool can be used to obtain the author signature information file; record these signatures in a list for use in step D3.
A2. For any apk file, such as 1.apk, use the open-source apktool tool to unpack the apk. The unpacked package contains a smali folder, which holds the corresponding smali code files.
B. The flow for generating feature vectors comprises the following steps (as shown in Fig. 7):
B1. For any apk file, such as 1.apk, process the smali code files obtained by preprocessing: read the contents of the smali files, obtain the information about application programming interface functions, and aggregate it, taking the folder as the unit. For example, if there are only two folders under the smali folder of 1.apk, compute separately how the smali files in each of these two folders call application programming interface functions.
B2. Take the call information obtained in the previous step and, according to the names and counts of the calls, combine it into a multidimensional feature vector in Euclidean space. For example, if in the first folder of 1.apk call x is used 2 times and call y is used 5 times, the component of the multidimensional feature vector on x is 2 and the component on y is 5.
C. The flow for computing folder similarity and removing third-party libraries comprises the following steps (as shown in Fig. 8):
C1. For two folders, such as folder one in 1.apk and folder three in 2.apk, compare them with the formula to obtain a distance value.
C2. According to the distance value, if the value is higher than the threshold 0.05, the two folders are considered dissimilar. Perform clustering with this threshold. If the clustering result shows that the folders of some class occur more than a certain number of times (the count threshold depends on the total number of apk files being compared), these folders are considered folders of a third-party library and should be removed from the comparison in step D. Otherwise the folder is considered not to be a third-party library and continues into the computation in step D.
D. The flow for the final repackaging judgment comprises the following steps (as shown in Fig. 9):
D1. For each apk file, combine the feature vectors of all its folders by adding up the feature vectors of the folders that were not filtered out as third-party libraries. For example, if 1.apk contains two smali folders and neither was filtered out by step C2, the two feature vectors are simply added together to give the feature vector of 1.apk.
D2. Using the formula from step C1, compute the distance between any two apk applications, for example the distance between 1.apk and 2.apk. If the computed distance between 1.apk and 2.apk is greater than 0.1, 1.apk and 2.apk are considered to have no direct repackaging relationship; otherwise 1.apk and 2.apk are suspected of repackaging. Perform clustering on this basis.
D3. Using the author signature information obtained earlier, screen the results further. If 1.apk and 2.apk have been clustered into the same class because their distance is less than 0.1, compare the author signature information of 1.apk obtained in step A1 with that of 2.apk. If the author information of the two applications differs, 1.apk and 2.apk are determined to be repackaged applications. If the author information of the two applications is the same, 1.apk and 2.apk are determined to be identical works by the same author, or different versions of a work by the same author.
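
Steps B through D of Embodiment 1, run on four constructed applications; this is an added Python example, not code from the patent. It assumes that Android API calls are the smali invocations whose target class starts with Landroid/, that the distance of step C1 is read as the sum of |α_i − β_i| divided by Sum(α) + Sum(β), and that clustering is single-linkage; min_apps is a hypothetical name for the occurrence threshold of step C2, and all sample smali text and signer names are constructed.

```python
import re
from collections import Counter
from itertools import combinations

# Android framework invocations in smali, e.g.
#   invoke-virtual {v0}, Landroid/util/Log;->d(...)I
API_CALL = re.compile(r"invoke-[\w/]+ \{[^}]*\}, (Landroid/[\w/$]+;->[\w<>$]+)\(")

def api_vector(smali_text):
    """Step B: count each Android API method invoked in one folder's smali code."""
    return Counter(API_CALL.findall(smali_text))

def distance(a, b):
    """Step C1, assumed reading: sum|a_i - b_i| / (Sum(a) + Sum(b)); absent dimensions are 0."""
    total = sum(a.values()) + sum(b.values())
    if total == 0:
        return 0.0
    return sum(abs(a[k] - b[k]) for k in set(a) | set(b)) / total

def cluster(vectors, threshold):
    """Single-linkage clustering via union-find (assumed; the page names no algorithm)."""
    parent = {name: name for name in vectors}
    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]
            n = parent[n]
        return n
    for x, y in combinations(vectors, 2):
        if distance(vectors[x], vectors[y]) <= threshold:
            parent[find(x)] = find(y)
    groups = {}
    for name in vectors:
        groups.setdefault(find(name), []).append(name)
    return list(groups.values())

def detect_repackaged(apps, lib_threshold=0.05, app_threshold=0.1, min_apps=3):
    """apps: {apk: {"signer": str, "folders": {path: smali_text}}}.
    Returns (suspect_pairs, library_folders); min_apps is a hypothetical parameter."""
    folder_vecs = {}
    for apk, info in apps.items():
        for path, text in info["folders"].items():
            vec = api_vector(text)
            if vec:  # folders with no framework calls carry no signal
                folder_vecs[(apk, path)] = vec
    # Step C2: a folder cluster present in many distinct apps is a library.
    libs = set()
    for group in cluster(folder_vecs, lib_threshold):
        if len({apk for apk, _ in group}) >= min_apps:
            libs.update(group)
    # Step D1: add up each app's remaining folder vectors.
    app_vecs = {}
    for (apk, path), vec in folder_vecs.items():
        if (apk, path) not in libs:
            app_vecs.setdefault(apk, Counter()).update(vec)
    # Steps D2 and D3: cluster apps, then compare signers inside each cluster.
    pairs = []
    for group in cluster(app_vecs, app_threshold):
        for x, y in combinations(sorted(group), 2):
            if apps[x]["signer"] != apps[y]["signer"]:
                pairs.append((x, y))
    return sorted(pairs), libs

def make_smali(calls):
    """Constructed smali lines: each (method, n) pair becomes n invocations."""
    line = "    invoke-virtual {{v0}}, {}()V\n"
    return "".join(line.format(method) * n for method, n in calls)

# Constructed sample data: four apps that all bundle the same large ad library.
ADLIB = make_smali([("Landroid/webkit/WebView;->loadUrl", 240),
                    ("Landroid/telephony/TelephonyManager;->getDeviceId", 60)])
GAME = make_smali([("Landroid/view/View;->invalidate", 20),
                   ("Landroid/media/MediaPlayer;->start", 10),
                   ("Landroid/util/Log;->d", 10),
                   ("Lcom/game/Util;->helper", 7)])  # app-private call, not counted
GAME_MOD = GAME + make_smali([("Landroid/net/Uri;->parse", 2)])  # small code change
NOTES = make_smali([("Landroid/database/sqlite/SQLiteDatabase;->query", 15),
                    ("Landroid/widget/EditText;->getText", 9)])
MAPS = make_smali([("Landroid/location/LocationManager;->requestLocationUpdates", 4),
                   ("Landroid/view/View;->invalidate", 12)])
# In repack.apk the library folder is renamed, as obfuscation would do.
SAMPLE_APPS = {
    "orig.apk": {"signer": "CN=Studio A", "folders": {"com/game": GAME, "com/adlib": ADLIB}},
    "repack.apk": {"signer": "CN=Unknown", "folders": {"com/game": GAME_MOD, "a/b": ADLIB}},
    "notes.apk": {"signer": "CN=Studio B", "folders": {"org/notes": NOTES, "com/adlib": ADLIB}},
    "maps.apk": {"signer": "CN=Studio C", "folders": {"net/maps": MAPS, "com/adlib": ADLIB}},
}

if __name__ == "__main__":
    pairs, libs = detect_repackaged(SAMPLE_APPS)
    print("library folders:", sorted(libs))
    print("repackaging suspects:", pairs)
    # With library filtering disabled, the shared ad code makes every pair look alike.
    print("unfiltered suspects:", detect_repackaged(SAMPLE_APPS, min_apps=99)[0])
```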

Claims (7)

1. An Android repackaged-application detection method based on application programming interfaces, applicable to detecting applications on the Android platform, characterized by comprising the following steps:
A. Preprocess the application file: convert the binary code into structured smali code files and extract the application's author signature information;
B. Process the smali code files: taking the folder as the unit, extract which Android application programming interfaces are called and the corresponding call counts, and form feature vectors;
C. Compute the similarity of the feature vectors of different folders, perform clustering, and remove third-party libraries;
D. Compute the feature vector of each application, again from its application programming interface usage, compare the similarity of the applications' feature vectors, cluster, and judge which applications are repackaged.
2. The Android repackaged-application detection method as claimed in claim 1, characterized in that said step A comprises:
A1. Extract the Android application's binary code file and the author signature information file in the META-INFO folder;
A2. Use an existing tool to convert the binary code into smali code files;
A3. Use an existing tool to extract the author's signature content from the corresponding file.
3. The Android repackaged-application detection method as claimed in claim 1, characterized in that said step B comprises:
B1. Process the smali code files obtained in step A: read the contents of the smali files, match them with regular expressions to separate application programming interface functions from the remaining information, and tally the results, taking the folder as the unit;
B2. Convert the application programming interface data obtained in step B1 into feature vectors in Euclidean space, which are easy for a program to recognize and operate on.
4. The Android repackaged-application detection method as claimed in claim 1, characterized in that said step C comprises:
C1. Compute the vector distance between every two folders: suppose the similarity of folder a and folder b is to be compared; first obtain the feature vectors of a and b through step B, denoted α and β respectively; in Euclidean space, if α has a value on some dimension and β has no value on that dimension, β is padded with 0 on that dimension, and vice versa; for α and β, the vector distance is computed with the following formula:
$$\mathrm{distance} = \frac{\sum_{i=1}^{n} |\alpha + \beta|}{\mathrm{Sum}(\alpha) + \mathrm{Sum}(\beta)},$$
where n is the dimension of α and β;
C2. According to the vector distance, determine a threshold and perform clustering.
5. The Android repackaged-application detection method as claimed in claim 4, characterized in that step D comprises:
D1. From the per-folder feature vectors, take the feature vectors of the folders that were not filtered out as third-party libraries and add them up to form the feature vector of each application;
D2. Using the formula given in C1, compute the distance between every pair of applications and, based on it, apply a clustering algorithm so that applications whose distance is below a certain threshold are grouped into one class;
D3. For applications in the same class from step D2, examine their author information; if applications in the same class have different author signatures, the two applications are determined to have a repackaging relationship.
6. The Android repackaged-application detection method as claimed in claim 4, characterized in that the threshold described in step C2 is 0.05.
7. The Android repackaged-application detection method as claimed in claim 5, characterized in that the threshold described in step D2 is 0.1.
CN201310438647.8A | 2013-09-24 | 2013-09-24 | Android repackaged-application detection method based on application programming interface | Active | CN103473346B (en)

Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN201310438647.8A | CN103473346B (en) | 2013-09-24 | 2013-09-24 | Android repackaged-application detection method based on application programming interface

Applications Claiming Priority (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN201310438647.8A | CN103473346B (en) | 2013-09-24 | 2013-09-24 | Android repackaged-application detection method based on application programming interface

Publications (2)

Publication Number | Publication Date
CN103473346A (en) | 2013-12-25
CN103473346B (en) | 2017-01-04

Family

ID=49798194

Family Applications (1)

Application Number | Title | Status | Publication | Priority Date | Filing Date
CN201310438647.8A | Android repackaged-application detection method based on application programming interface | Active | CN103473346B (en) | 2013-09-24 | 2013-09-24

Country Status (1)

Country | Link
CN (1) | CN103473346B (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8355998B1 (en) * 2009-02-19 2013-01-15 Amir Averbuch Clustering and classification via localized diffusion folders
CN102750482A (en) * 2012-06-20 2012-10-24 东南大学 Detection method for repackage application in android market

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WU ZHOU et al.: "CODASPY '12: Proceedings of the Second ACM Conference on Data and Application Security and Privacy", 7 February 2012 *

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104866292B (en) * 2014-02-25 2018-05-25 北京娜迦信息科技发展有限公司 A kind of method and device of extended software function
CN104866292A (en) * 2014-02-25 2015-08-26 北京娜迦信息科技发展有限公司 Method and device for extending software function
CN104216946B (en) * 2014-07-31 2019-03-26 百度在线网络技术(北京)有限公司 Method and apparatus for determining repackaged application programs
CN104216946A (en) * 2014-07-31 2014-12-17 百度在线网络技术(北京)有限公司 Method and device for determining repackaging application program
CN104317574A (en) * 2014-09-30 2015-01-28 北京金山安全软件有限公司 Method and device for identifying application program type
CN104317574B (en) * 2014-09-30 2018-03-30 北京金山安全软件有限公司 Method and device for identifying application program type
CN104391798A (en) * 2014-12-09 2015-03-04 北京邮电大学 Software feature information extracting method
CN104778409B (en) * 2015-04-16 2018-01-12 电子科技大学 A kind of detection method and device of Android application software similitude
CN104778409A (en) * 2015-04-16 2015-07-15 电子科技大学 Method and device for detecting similarities of Android application software
CN105389508B (en) * 2015-11-10 2018-02-16 工业和信息化部电信研究院 Detection method and device for repackaged Android applications
CN105389508A (en) * 2015-11-10 2016-03-09 工业和信息化部电信研究院 Detection method and apparatus for re-packaged Android application
CN105825085A (en) * 2016-03-16 2016-08-03 广州彩瞳网络技术有限公司 Application program processing method and device
CN105825085B (en) * 2016-03-16 2019-02-15 广州优视网络科技有限公司 The processing method and processing device of application program
CN106503559B (en) * 2016-11-23 2019-03-19 杭州师范大学 The extracting method and device of feature
CN106503559A (en) * 2016-11-23 2017-03-15 杭州师范大学 The extracting method of feature and device
CN106951780B (en) * 2017-02-08 2019-09-10 中国科学院信息工程研究所 Static detection method and device for repackaged malicious applications
CN106951780A (en) * 2017-02-08 2017-07-14 中国科学院信息工程研究所 Static detection method and device for repackaged malicious applications
JP7119096B2 (en) 2018-01-04 2022-08-16 ライン プラス コーポレーション license verification device
JP2021516379A (en) * 2018-01-04 2021-07-01 ライン プラス コーポレーションLINE Plus Corporation License verification device
CN110336777A (en) * 2019-04-30 2019-10-15 北京邮电大学 The communication interface acquisition method and device of Android application
CN110336777B (en) * 2019-04-30 2020-10-16 北京邮电大学 Communication interface acquisition method and device for android application
CN110175045A (en) * 2019-05-20 2019-08-27 北京邮电大学 Android application repackaging data processing method and processing device
CN110378118A (en) * 2019-06-26 2019-10-25 南京理工大学 The Android application third party library detection method of efficiently and accurately
CN110378118B (en) * 2019-06-26 2022-11-25 南京理工大学 Efficient and accurate android application third-party library detection method
CN110598408A (en) * 2019-08-23 2019-12-20 华中科技大学 App clone detection method and system based on function layer coding
CN110598408B (en) * 2019-08-23 2021-03-26 华中科技大学 App clone detection method and system based on function layer coding
CN112099880A (en) * 2020-08-12 2020-12-18 北京大学 Method and system for reducing application program driven by scene
CN112099880B (en) * 2020-08-12 2021-07-30 北京大学 Method and system for reducing application program driven by scene
CN113641363B (en) * 2021-10-18 2022-02-11 北京邮电大学 Third-party library detection method and device
CN113641363A (en) * 2021-10-18 2021-11-12 北京邮电大学 Third-party library detection method and device
CN115859292A (en) * 2023-02-20 2023-03-28 卓望数码技术(深圳)有限公司 Fraud-related APP detection system, judgment method and storage medium

Also Published As

Publication number Publication date
CN103473346B (en) 2017-01-04

Similar Documents

Publication Publication Date Title
CN103473346A (en) Android re-packed application detection method based on application programming interface
Ma et al. Libradar: Fast and accurate detection of third-party libraries in android apps
Duan et al. Detective: Automatically identify and analyze malware processes in forensic scenarios via DLLs
US10915659B2 (en) Privacy detection of a mobile application program
Crussell et al. Andarwin: Scalable detection of android application clones based on semantics
Crussell et al. Andarwin: Scalable detection of semantically similar android applications
Crussell et al. Attack of the clones: Detecting cloned applications on android markets
Crussell et al. Scalable semantics-based detection of similar android applications
Mehtab et al. AdDroid: rule-based machine learning framework for android malware analysis
US20150213365A1 (en) Methods and systems for classification of software applications
CN106951780A (en) Static detection method and device for repackaged malicious applications
KR20150044490A (en) A detecting device for android malignant application and a detecting method therefor
KR101858620B1 (en) Device and method for analyzing javascript using machine learning
Zhou et al. Vulnerable gpu memory management: towards recovering raw data from gpu
CN112528284A (en) Malicious program detection method and device, storage medium and electronic equipment
Karbab et al. Cypider: building community-based cyber-defense infrastructure for android malware detection
Patel et al. Detection and mitigation of android malware through hybrid approach
KR20200039912A (en) System and method for automatically analysing android malware by artificial intelligence
Gonzalez et al. Authorship attribution of android apps
KR101256468B1 (en) Apparatus and method for detecting malicious file
Ahmadi et al. Intelliav: Toward the feasibility of building intelligent anti-malware on android devices
US10296743B2 (en) Method and device for constructing APK virus signature database and APK virus detection system
CN105760761A (en) Software behavior analyzing method and device
Yuan et al. Towards Large-Scale Hunting for Android Negative-Day Malware
Ullah et al. Detection of clone scammers in Android markets using IoT‐based edge computing

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20131225

Assignee: Green Hin technology development (Beijing) Co., Ltd.

Assignor: Peking University

Contract record no.: 2017990000291

Denomination of invention: Android re-packed application detection method based on application programming interface

Granted publication date: 20170104

License type: Common License

Record date: 20170719