CN104766008A - Application program installation package safety detection method and server - Google Patents

Application program installation package safety detection method and server Download PDF

Info

Publication number
CN104766008A
CN104766008A CN201410007179.3A CN201410007179A CN104766008A CN 104766008 A CN104766008 A CN 104766008A CN 201410007179 A CN201410007179 A CN 201410007179A CN 104766008 A CN104766008 A CN 104766008A
Authority
CN
China
Prior art keywords
installation kit
sample
application program
detection
classification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410007179.3A
Other languages
Chinese (zh)
Inventor
吴鹏志
陆兆华
马炯雄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201410007179.3A priority Critical patent/CN104766008A/en
Publication of CN104766008A publication Critical patent/CN104766008A/en
Pending legal-status Critical Current

Links

Abstract

The invention discloses an application program installation package safety detection method and a server. The application program installation package safety detection method comprises the steps of resolving application program installation packages to be detected, obtaining feature information of the installation packages, classifying the installation packages according to the obtained feature information, respectively screening out the corresponding installation packages serving as selected samples from the installation packages different in category after classification according to a preset rule, detecting the selected samples and recording detection results, using the detection results of the selected samples as detection results of all application program installation packages in the categories of the selected samples. The application program installation package safety detection method has the advantage of systematically and automatically detecting the safety of the application program installation packages, the detection efficiency of the application program installation packages is improved, and manual detection cost is saved.

Description

The safety detection method of application program installation kit and server
Technical field
The present invention relates to safety detection technology, particularly relate to a kind of safety detection method and server of application program installation kit.
Background technology
At present, along with making constant progress of Internet technology, the kind of the upper application program of intelligent terminal (as mobile phone) gets more and more, and therefore the requirement of application programs installation kit security detection is also more and more higher.It is undertaken by the mode of manual analysis that the security of existing application programs installation kit detects major part, due to the continuous increase of application program kind, and the continuous renewal of same application different editions, the application program installation kit of flood tide like this is all adopted to the detection mode of manual analysis, undoubtedly will the human cost of at substantial, and detection efficiency is low.
Summary of the invention
Given this, be necessary safety detection method and server that a kind of application program installation kit is provided, when being detected by manual analysis to solve, the problem that detection efficiency is low.
The embodiment of the invention discloses a kind of safety detection method of application program installation kit, comprise the following steps:
Resolve application program installation kit to be detected, obtain the characteristic information of described installation kit;
According to the described characteristic information obtained, described installation kit is classified;
According to preset rules, filter out corresponding installation kit described installation kit of all categories after classification respectively as being selected sample;
Be selected sample described in detection and record testing result, using the described testing result being selected sample as the described testing result being selected all application program installation kits of sample place classification.
The security that the embodiment of the invention also discloses a kind of application program installation kit detects server, comprising:
Parsing module, for resolving application program installation kit to be detected, obtains the characteristic information of described installation kit;
Sort module, for according to the described characteristic information obtained, classifies to described installation kit;
Screening module, for according to preset rules, filters out corresponding installation kit respectively as being selected sample described installation kit of all categories after classification;
Detection module, for being selected sample described in detecting and recording testing result, using the described testing result being selected sample as the described testing result being selected all application program installation kits of sample place classification.
The embodiment of the present invention resolves application program installation kit to be detected, obtains the characteristic information of described installation kit; According to the described characteristic information obtained, described installation kit is classified; According to preset rules, filter out corresponding installation kit described installation kit of all categories after classification respectively as being selected sample; Be selected sample described in detection and record testing result, using the described testing result being selected sample as the described testing result being selected all application program installation kits of sample place classification; Compared in prior art, manual analysis mode is adopted to detect each application program installation kit, the embodiment of the present invention has the beneficial effect that system detects the security of application program installation kit automatically, improves the detection efficiency of application program installation kit, has saved manual detection cost.
Accompanying drawing explanation
Fig. 1 is the safety detection method running environment schematic diagram of application program installation kit of the present invention;
Fig. 2 is the safety detection method first embodiment schematic flow sheet of application program installation kit of the present invention;
Fig. 3 is part installation kit one to be detected embodiment schematic diagram in the safety detection method of application program installation kit of the present invention;
Fig. 4 is the safety detection method second embodiment schematic flow sheet of application program installation kit of the present invention;
Fig. 5 calculates danger coefficient rear section installation kit one to be detected embodiment schematic diagram in the safety detection method of application program installation kit of the present invention;
Fig. 6 is that the security of application program installation kit of the present invention detects server first embodiment high-level schematic functional block diagram;
Fig. 7 is that the security of application program installation kit of the present invention detects server second embodiment high-level schematic functional block diagram.
The realization of embodiment of the present invention object, functional characteristics and advantage will in conjunction with the embodiments, are described further with reference to accompanying drawing.
Embodiment
Technical scheme of the present invention is further illustrated below in conjunction with Figure of description and specific embodiment.Should be appreciated that specific embodiment described herein only in order to explain the present invention, be not intended to limit the present invention.
Please refer to Fig. 1, Fig. 1 is the safety detection method running environment schematic diagram of application program installation kit of the present invention; Fig. 1 shows the structural representation of the server involved by the embodiment of the present invention, and this server may be used for the safety detection method implementing the application program installation kit that the embodiment of the present invention provides.Specifically:
Server can include storer 120, input block 130, display unit 140, sensor 150, voicefrequency circuit 160, the parts such as the processor 180 including more than one or one process chip and power supply 190 of one or more computer-readable recording mediums.It will be understood by those skilled in the art that the server architecture shown in Fig. 1 does not form the restriction to server, the parts more more or less than diagram can be comprised, or combine some parts, or different parts are arranged.Wherein:
Storer 120 can be used for storing software program and module, and processor 180 is stored in software program and the module of storer 120 by running, thus performs the application of various function and data processing.Storer 120 mainly can comprise storage program district and store data field, and wherein, storage program district can store operating system, application program (such as sound-playing function, image player function etc.) etc. needed at least one function; Store data field and can store the data (such as voice data, phone directory etc.) etc. created according to the use of server.In addition, storer 120 can comprise high-speed random access memory, can also comprise nonvolatile memory, such as at least one disk memory, flush memory device or other volatile solid-state parts.Correspondingly, storer 120 can also comprise Memory Controller, to provide the access of processor 180 and input block 130 pairs of storeies 120.
Input block 130 can be used for the numeral or the character information that receive input, and produces and to arrange with user and function controls relevant keyboard, mouse, control lever, optics or trace ball signal and inputs.Such as, input block 130 can comprise input equipment 131.Input equipment 131 can include but not limited in touch-screen, physical keyboard, function key (such as volume control button, switch key etc.), trace ball, mouse, control lever etc. one or more.
Display unit 140 can be used for the various graphical user interface showing information or the information being supplied to maintainer and the server inputted by maintainer, and these graphical user interface can be made up of figure, text, icon, video and its combination in any.Display unit 140 can comprise display panel 141, optionally, the forms such as LCD (Liquid Crystal Display, liquid crystal display), OLED (OrganicLight-Emitting Diode, Organic Light Emitting Diode) can be adopted to configure display panel 141.
Server also can comprise at least one sensor 150, and other sensors such as such as optical sensor, motion sensor, gyroscope, barometer, hygrometer, thermometer, infrared ray sensor, do not repeat them here.
Voicefrequency circuit 160, loudspeaker 161, microphone 162 can provide the audio interface between maintainer and server.Voicefrequency circuit 160 can by receive voice data conversion after electric signal, be transferred to loudspeaker 161, by loudspeaker 161 be converted to voice signal export; On the other hand, the voice signal of collection is converted to electric signal by microphone 162, is converted to voice data after being received by voicefrequency circuit 160, then after voice data output processor 180 is processed, be sent to other equipment, or export voice data to storer 120 to process further.Voicefrequency circuit 160 also may comprise earphone jack, to provide the communication of peripheral hardware earphone and server.
Processor 180 is control centers of server, utilize the various piece of various interface and the whole server of connection, software program in storer 120 and/or module is stored in by running or performing, and call the data be stored in storer 120, perform various function and the process data of server.Optionally, processor 180 can comprise one or more process core; Preferably, processor 180 accessible site application processor and modem processor, wherein, application processor mainly processes operating system, user interface and application program etc., and modem processor mainly processes radio communication.Be understandable that, above-mentioned modem processor also can not be integrated in processor 180.
Server also comprises the power supply 190(such as battery of powering to all parts), preferably, power supply can be connected with processor 180 logic by power-supply management system, thus realizes the functions such as management charging, electric discharge and power managed by power-supply management system.Power supply 190 can also comprise one or more direct current or AC power, recharging system, power failure detection circuit, power supply changeover device or the random component such as inverter, power supply status indicator.
Although not shown, server can also comprise camera, communication module etc., does not repeat them here.Specifically in the present embodiment, server also includes one or more than one program, one of them or more than one program are stored in storer, and be configured to be performed by more than one or one processor, to complete the safety detection method of embodiment of the present invention application program installation kit.
Embodiment one
Fig. 2 is the safety detection method first embodiment schematic flow sheet of application program installation kit of the present invention; As shown in Figure 2, the safety detection method of application program installation kit of the present invention comprises the following steps:
Step S01, resolve application program installation kit to be detected, obtain the characteristic information of described installation kit;
In the embodiment of the present invention, server is resolved application program installation kit to be detected, thus according to analysis result, obtains the characteristic information of each application program installation kit to be detected; Such as, each installation kit title, version information, certificate signature, take storage size etc.
Because nearly all normal installation kit is when creating, is the corresponding attribute information of configuration, therefore, in the preferred embodiment of the present invention, by calling the attribute of each installation kit, each installation kit characteristic of correspondence information can be obtained.Such as, the application program installation kit major part suffix that the mobile terminal of Android operation system uses is called .apk, server can call the attribute information in above-mentioned installation kit and check, obtains above-mentioned installation kit characteristic information with this, the title of such as installation kit, version and certificate signature; Wherein, in the embodiment of the present invention, the certificate signature of each installation kit can substitute by the MD5 value of this installation kit.Such as, call " aaptdump bading file.{apk} " order by AAPT (Android Asset Packaging Tool, resource strapping tool), check the attribute of certain the APK installation kit called, certain APK(software can be got; Application) name of installation kit is called " com.tencent.qqpimsecure ", the version information of this installation kit is " 4.3.1 "; In addition, utilize call instruction " keytool-printcert – filefile.RSA ", the certificate signature of this installation kit can be got.
Step S02, according to obtain described characteristic information, described installation kit is classified;
Characteristic information due to each installation kit reflects the characteristic of this installation kit to a certain extent, and therefore server is according to the characteristic information of each installation kit obtained, and substantially can analyze the characteristic of each installation kit.The installation kit possessing identical characteristics, according to the characteristic information of each installation kit obtained, is divided into same classification by server, is convenient to follow-uply carry out security detection to above-mentioned installation kit.
In the preferred embodiment of the present invention, the characteristic information that server gets each installation kit comprises the title of each installation kit, version and certificate signature; The installation kit possessing identical credentials signature and same names, according to the title of above-mentioned installation kit obtained, version and certificate signature, is divided into same class by server.
In addition, in all installation kits to be detected, discovering server has the title of a lot of installation kit quite similar, and behavioural characteristic corresponding to this installation kit is also extremely similar; Therefore, for the installation kit of some similar names, identical credentials signature, because it possesses same or analogous feature, server is also divided into same classification.Fig. 3 is part installation kit one to be detected embodiment schematic diagram in the safety detection method of application program installation kit of the present invention, the sample shown in Fig. 3 and the application program installation kit to be detected of the part described in the present embodiment; For the installation kit shown in accompanying drawing 3, server extracts the common trait of above-mentioned installation kit, the title drawing above-mentioned installation kit all with " com.ApkKK_ " for prefix name, the above-mentioned installation kit of server analysis all has networking behavior, and be e-book, therefore, this kind of installation kit shown in Fig. 3 is divided into same classification by server.
Step S03, according to preset rules, after classification, filter out corresponding installation kit respectively as being selected sample described installation kit of all categories;
Step S04, detect described in be selected sample and record testing result, using the described testing result being selected sample as the described testing result being selected all application program installation kits of sample place classification.
After server is classified to above-mentioned installation kit, from sorted all kinds of installation kit, according to preset rules, extract the installation kit of predetermined number as being selected sample, and security detection is carried out to the sample of being selected filtered out.Such as, extract the highest namely up-to-date installation kit of version in above-mentioned installation kit as being selected sample, or to extract in above-mentioned installation kit by the maximum installation kit of report number of times as being selected sample, or extract installation kit that in above-mentioned installation kit, active obtaining user side privacy information is maximum as being selected sample, or the installation kit extracting latest edition in network game class installation kit is as being selected sample etc.; Those skilled in the art will appreciate that described preset rules can set according to different times, dissimilar installation kit, the particular content of the embodiment of the present invention to above-mentioned preset rules does not limit.
Server detect above-mentioned be selected sample after, be selected sample respectively testing result accordingly in the installation kit of all categories of record screening; Be for testing result and safe be selected sample, all installation kits that this is selected sample place classification by server are all recorded as safety; Be dangerous be selected sample for testing result, server need continue to detect the security that this is selected all installation kits of sample place classification.
In the embodiment of the present invention, server is dangerous be selected sample for testing result, continuing the detection mode detected when this is selected the security of all installation kits of sample place classification can be: detect this one by one and be selected each installation kit in the classification of sample place, identify whether dangerous installation kit; Also the installation kit that in the identical each installation kit of installation kit, version is the highest can only be detected; As long as server obtains out the testing result that this is selected each installation kit in the classification of sample place, the embodiment of the present invention does not limit the concrete detection mode of this situation server to above-mentioned installation kit.
The embodiment of the present invention resolves application program installation kit to be detected, obtains the characteristic information of described installation kit; According to the described characteristic information obtained, described installation kit is classified; According to preset rules, filter out corresponding installation kit described installation kit of all categories after classification respectively as being selected sample; Be selected sample described in detection and record testing result, using the described testing result being selected sample as the described testing result being selected all application program installation kits of sample place classification; Compared in prior art, manual analysis mode is adopted to detect each application program installation kit, the embodiment of the present invention has the beneficial effect that system detects the security of application program installation kit automatically, improves the detection efficiency of application program installation kit, has saved manual detection cost.
Embodiment two
Fig. 4 is the safety detection method second embodiment schematic flow sheet of application program installation kit of the present invention; The difference of embodiment described in the present embodiment and Fig. 2 is, embodiment of the present invention analysis also obtains the danger coefficient of each installation kit, and by the danger coefficient that each installation kit is corresponding, installation kit corresponding to screening as being selected sample, and then carries out follow-up security and detect.
Based on the description of embodiment described in Fig. 2, as shown in Figure 4, the safety detection method of embodiment of the present invention application program installation kit, also comprises:
Step S11, according to the described characteristic information obtained, calculate and obtain the danger coefficient of described installation kit.
Preferably, this step S11 can perform side by side with " the step S02, according to the described characteristic information obtained, classify to described installation kit " in embodiment described in Fig. 2; Alternatively, this step S11 also can perform after above-mentioned steps S02; When step S11 and step S02 performs side by side, shorten the testing process of the embodiment of the present invention to application program installation kit to be detected, saved detection time to a certain extent.
In the embodiment of the present invention, perform side by side for this step S11 and step S02, be described.
As shown in Figure 4, after server gets the characteristic information of application program installation kit to be detected, according to the characteristic information of each installation kit obtained, the each installation kit of server monitoring installs the behavior of corresponding application program based on the operating instruction that user side is triggered, or automatically run after this installation kit is downloaded to client and the behavior of the application program of correspondence is installed, obtaining the behavioral data of each installation kit installation process.According to the behavioral data obtained, whether each installation kit of server analysis has the responsive behavior relating to and obtain user data, such as sends note, creates desktop icons, opens camera, obtains EIC equipment identification code etc.; The item number that whether server relate to responsive behavior according to each installation kit, relate to the number of times of responsive behavior and responsive behavior, the type of responsive behavior related to, for each installation kit is given a mark, calculate the danger coefficient of each installation kit.The score value that server is beaten each installation kit is higher, and the danger coefficient of this installation kit calculated is also larger, and its danger coefficient is larger, and the possibility representing this installation kit danger is larger.
For the psychological cognition of user side, the installation kit of meeting choice for use latest edition usually, in addition, the installation kit of legacy version also may carry out security detection by serviced device; Therefore, server calculates and after obtaining danger coefficient corresponding to each installation kit, server according to danger coefficient from high to low, installation kit version from high to low, filter out described in predetermined number installation kit of all categories after classification and be selected sample; Such as, the installation kit after the highest i.e. latest update of the highest and version of screening server danger coefficient as being selected sample, and carries out security detection; Because this kind of installation kit possesses dangerous possibility want high relative to generic installation kit, therefore, select this kind of installation kit representatively to carry out security detection, its accuracy rate is higher.The number of what server screened from all kinds of installation kit be selected sample, determined by the number of the concrete installation kit in all kinds of installation kit, if the total installation kit negligible amounts of category-A installation kit, such as only has 3, then screen an installation kit and carry out detecting as being selected sample; If total installation kit quantity is more in category-B installation kit, than if any 10, then can screens two installation kits and detect as being selected sample.
As shown in Figure 5, Fig. 5 calculates danger coefficient rear section installation kit one to be detected embodiment schematic diagram in the safety detection method of application program installation kit of the present invention; By possess identical bag name and certificate and identical installation kit title and certificate signature installation kit classification after, and calculate and got the namely described danger coefficient of dangerous score value that in all kinds of installation kit, each installation kit is corresponding, server according to all kinds of installation kit comprise the number of installation kit number, from above-mentioned all kinds of installation kit, filter out that danger coefficient is the highest and the installation kit of the predetermined number that version is the highest carries out security detection as being selected sample.As shown in Figure 5, for " mobile video " class installation kit, because the danger coefficient of two installation kits comprised in this kind of installation kit is identical, therefore, choose a higher installation kit of version and carry out follow-up security detection as being selected sample, as shown in Figure 5 in such installation kit, the installation kit that black surround is chosen; For " webpage readily take the opportunity to favour " class installation kit, choose the highest and installation kit that version is the highest of danger coefficient in this kind of installation kit and carry out follow-up security detect as being selected sample, as shown in Figure 5 in such installation kit, the installation kit that black surround is chosen.
The embodiment of the present invention chooses the high and installation kit that version is high of danger coefficient in all kinds of installation kit as the screening mode being selected sample, improves the accuracy rate that installation kit security detects, and also improves the quality that installation kit security detects further.
Embodiment three
Fig. 6 is that the security of application program installation kit of the present invention detects server first embodiment high-level schematic functional block diagram; As shown in Figure 6, the security detection server of application program installation kit of the present invention comprises: parsing module 01, sort module 02, screening module 03 and detection module 04.
Parsing module 01, for resolving application program installation kit to be detected, obtains the characteristic information of described installation kit;
In the embodiment of the present invention, parsing module 01 is resolved application program installation kit to be detected, thus according to analysis result, obtains the characteristic information of each application program installation kit to be detected; Such as, each installation kit title, version information, certificate signature, take storage size etc.
Because nearly all normal installation kit is when creating, be the corresponding attribute information of configuration, therefore, in the preferred embodiment of the present invention, parsing module 01 by calling the attribute of each installation kit, can obtain each installation kit characteristic of correspondence information.Such as, the application program installation kit major part suffix that the mobile terminal of Android operation system uses is called .apk, parsing module 01 can call the attribute information in above-mentioned installation kit and check, obtains above-mentioned installation kit characteristic information with this, the title of such as installation kit, version and certificate signature; Wherein, in the embodiment of the present invention, the certificate signature of each installation kit can substitute by the MD5 value of this installation kit.Such as, parsing module 01 calls " aapt dump badingfile.{apk} " order by AAPT instrument, check the attribute of certain the APK installation kit called, the name that can get certain APK installation kit is called " com.tencent.qqpimsecure ", and the version information of this installation kit is " 4.3.1 "; In addition, parsing module 01 utilizes call instruction " keytool-printcert – file file.RSA ", can get the certificate signature of this installation kit.
Sort module 02, for according to the described characteristic information obtained, classifies to described installation kit;
Characteristic information due to each installation kit reflects the characteristic of this installation kit to a certain extent, and therefore sort module 02 is according to the characteristic information of each installation kit obtained, and substantially can analyze the characteristic of each installation kit.The characteristic information of each installation kit that sort module 02 obtains according to parsing module 01, is divided into same classification by the installation kit possessing identical characteristics, is convenient to follow-uply carry out security detection to above-mentioned installation kit.
In the preferred embodiment of the present invention, the characteristic information that parsing module 01 gets each installation kit comprises the title of each installation kit, version and certificate signature; The installation kit possessing identical credentials signature and same names, according to the title of above-mentioned installation kit obtained, version and certificate signature, is divided into same class by sort module 02.
In addition, in all installation kits to be detected, the title that parsing module 01 finds that there is a lot of installation kit is quite similar, and behavioural characteristic corresponding to this installation kit is also extremely similar; Therefore, for the installation kit of some similar names, identical credentials signature, because it possesses same or analogous feature, sort module 02 is also divided into same classification.For the installation kit shown in accompanying drawing 3, parsing module 01 extracts the common trait of above-mentioned installation kit, the title drawing above-mentioned installation kit all with " com.ApkKK_ " for prefix name, the above-mentioned installation kit of server analysis all has networking behavior, and be e-book, therefore, this kind of installation kit shown in Fig. 3 is divided into same classification by sort module 02.
Screening module 03, for according to preset rules, filters out corresponding installation kit respectively as being selected sample described installation kit of all categories after classification;
Detection module 04, for being selected sample described in detecting and recording testing result, using the described testing result being selected sample as the described testing result being selected all application program installation kits of sample place classification.
Screening module 03 from sorted all kinds of installation kit, according to preset rules, extracts the installation kit of predetermined number as being selected sample, and carries out security detection to the sample of being selected filtered out after classifying to above-mentioned installation kit.Such as, screening module 03 extracts the highest namely up-to-date installation kit of version in above-mentioned installation kit as being selected sample, or to extract in above-mentioned installation kit by the maximum installation kit of report number of times as being selected sample, or extract installation kit that in above-mentioned installation kit, active obtaining user side privacy information is maximum as being selected sample, or the installation kit extracting latest edition in network game class installation kit is as being selected sample etc.; Those skilled in the art will appreciate that described preset rules can set according to different times, dissimilar installation kit, the particular content of the embodiment of the present invention to above-mentioned preset rules does not limit.
Detection module 04 detect above-mentioned be selected sample after, be selected sample respectively testing result accordingly in the installation kit of all categories of record screening; Be for testing result and safe be selected sample, all installation kits that this is selected sample place classification by detection module 04 are all recorded as safety; Be dangerous be selected sample for testing result, detection module 04 need continue to detect the security that this is selected all installation kits of sample place classification.
In the embodiment of the present invention, detection module 04 is dangerous be selected sample for testing result, continuing the detection mode detected when this is selected the security of all installation kits of sample place classification can be: detect this one by one and be selected each installation kit in the classification of sample place, identify whether dangerous installation kit; Also the installation kit that in the identical each installation kit of installation kit, version is the highest can only be detected; As long as detection module 04 obtains out the testing result that this is selected each installation kit in the classification of sample place, the embodiment of the present invention does not limit the concrete detection mode of this situation server to above-mentioned installation kit.
The embodiment of the present invention resolves application program installation kit to be detected, obtains the characteristic information of described installation kit; According to the described characteristic information obtained, described installation kit is classified; According to preset rules, filter out corresponding installation kit described installation kit of all categories after classification respectively as being selected sample; Be selected sample described in detection and record testing result, using the described testing result being selected sample as the described testing result being selected all application program installation kits of sample place classification; Compared in prior art, manual analysis mode is adopted to detect each application program installation kit, the embodiment of the present invention has the beneficial effect that system detects the security of application program installation kit automatically, improves the detection efficiency of application program installation kit, has saved manual detection cost.
Embodiment four
Fig. 7 is that the security of application program installation kit of the present invention detects server second embodiment high-level schematic functional block diagram.The difference of embodiment described in the embodiment of the present invention and Fig. 6 is, server analysis also obtains the danger coefficient of each installation kit, and by the danger coefficient that each installation kit is corresponding, installation kit corresponding to screening as being selected sample, and then carries out follow-up security and detect.
Based on the description of embodiment described in Fig. 6, as shown in Figure 7, the security detection server of embodiment of the present invention application program installation kit also comprises computing module 05; The present embodiment is only described computing module 05, and the security about application program installation kit of the present invention detects other modules involved by server, please refer to the specific descriptions of above-mentioned related embodiment, does not repeat them here.
In the embodiment of the present invention, computing module 05 for: according to the described characteristic information obtained, calculate and obtain the danger coefficient of described installation kit.
After the parsing module 01 of server gets the characteristic information of application program installation kit to be detected, according to the characteristic information of each installation kit obtained, computing module 05 monitors each installation kit installs corresponding application program behavior based on the operating instruction that user side is triggered, or automatically run after this installation kit is downloaded to client and the behavior of the application program of correspondence is installed, obtaining the behavioral data of each installation kit installation process.According to the behavioral data obtained, whether computing module 05 analyzes each installation kit the responsive behavior relating to and obtain user data, such as sends note, creates desktop icons, opens camera, obtains EIC equipment identification code etc.; The item number that whether computing module 05 relate to responsive behavior according to each installation kit, relate to the number of times of responsive behavior and responsive behavior, the type of responsive behavior related to, for each installation kit is given a mark, calculate the danger coefficient of each installation kit.The score value that computing module 05 is beaten each installation kit is higher, and the danger coefficient of this installation kit calculated is also larger, and its danger coefficient is larger, and the possibility representing this installation kit danger is larger.
For the psychological cognition of user side, the installation kit of meeting choice for use latest edition usually, in addition, the installation kit of legacy version also may carry out security detection by serviced device; Therefore, computing module 05 calculates and after obtaining danger coefficient corresponding to each installation kit, screening module 03 according to danger coefficient from high to low, installation kit version from high to low, filter out described in predetermined number installation kit of all categories after classification and be selected sample; Such as, screening module 03 screens the installation kit after the highest i.e. latest update of the highest and version of danger coefficient as being selected sample, and carries out security detection; Because this kind of installation kit possesses dangerous possibility want high relative to generic installation kit, therefore, select this kind of installation kit representatively to carry out security detection, its accuracy rate is higher.Screening module 03 screens the number being selected sample of screening in all kinds of installation kit, determined by the number of the concrete installation kit in all kinds of installation kit, if the total installation kit negligible amounts of category-A installation kit, such as only has 3, then screen module 03 and screen an installation kit and carry out detecting as being selected sample; If total installation kit quantity is more in category-B installation kit, than if any 10, then screen module 03 and can screen two installation kits and detect as being selected sample.
As shown in Figure 5, sort module 02 by possess identical bag name and certificate and identical installation kit title and certificate signature installation kit classification after, and computing module 05 calculates and has got the namely described danger coefficient of dangerous score value that in all kinds of installation kit, each installation kit is corresponding, screening module 03 according to all kinds of installation kit comprise installation kit number number, from above-mentioned all kinds of installation kit, filtering out the highest and installation kit of the predetermined number that version is the highest of danger coefficient as being selected sample, carrying out follow-up installation kit security by detection module 04 and detecting.As shown in Figure 5, for " mobile video " class installation kit, because the danger coefficient of two installation kits comprised in this kind of installation kit is identical, therefore, screening module 03 is chosen a higher installation kit of version and is carried out follow-up security detection as being selected sample, as shown in Figure 5 in such installation kit, the installation kit that black surround is chosen; For " webpage readily take the opportunity to favour " class installation kit, screening module 03 is chosen the highest and installation kit that version is the highest of danger coefficient in this kind of installation kit and is carried out follow-up security detect as being selected sample, as shown in Figure 5 in such installation kit, the installation kit that black surround is chosen.
The embodiment of the present invention chooses the high and installation kit that version is high of danger coefficient in all kinds of installation kit as the screening mode being selected sample, improves the accuracy rate that installation kit security detects, and also improves the quality that installation kit security detects further.
It should be noted that, in this article, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or server and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or server.When not more restrictions, the key element limited by statement " comprising ... ", and be not precluded within process, method, article or the server comprising this key element and also there is other identical element.
The invention described above embodiment sequence number, just to describing, does not represent the quality of embodiment.
The foregoing is only the preferred embodiments of the present invention; not thereby its scope of the claims is limited; every utilize instructions of the present invention and accompanying drawing content to do equivalent structure or equivalent flow process conversion; directly or indirectly be used in the technical field that other are relevant, be all in like manner included in scope of patent protection of the present invention.

Claims (14)

1. a safety detection method for application program installation kit, is characterized in that, comprises the following steps:
Resolve application program installation kit to be detected, obtain the characteristic information of described installation kit;
According to the described characteristic information obtained, described installation kit is classified;
According to preset rules, filter out corresponding installation kit described installation kit of all categories after classification respectively as being selected sample;
Be selected sample described in detection and record testing result, using the described testing result being selected sample as the described testing result being selected all application program installation kits of sample place classification.
2. the method for claim 1, is characterized in that, is selected sample and records testing result described in described detection, using the described testing result being selected sample as the described testing result being selected all application program installation kits of sample place classification, comprising:
When to be selected sample described in detection be safe, the testing result being selected all application program installation kits of sample place classification described in record is safety.
3. method as claimed in claim 1 or 2, is characterized in that the application program installation kit that described parsing is to be detected obtains the characteristic information of described installation kit, comprising:
Resolve application program installation kit to be detected, check the attribute information of described installation kit, obtain the title of described installation kit, version and certificate signature.
4. method as claimed in claim 3, is characterized in that, the described described characteristic information according to obtaining, and classifies, comprising described installation kit:
According to the described characteristic information obtained, identical credentials signature and described installation kit that is identical and/or similar names are divided into same classification.
5. method as claimed in claim 1 or 2, is characterized in that the application program installation kit that described parsing is to be detected obtains the characteristic information of described installation kit, also comprises afterwards:
According to the described characteristic information obtained, calculate and obtain the danger coefficient of described installation kit.
6. method as claimed in claim 5, is characterized in that, described according to preset rules, filtering out corresponding installation kit respectively as being selected sample, comprising described installation kit of all categories after classification:
According to installation kit version and danger coefficient from high to low, the installation kit of predetermined number is filtered out respectively as being selected sample described installation kit of all categories after classification.
7. the method for claim 1, is characterized in that, described according to preset rules, filtering out corresponding installation kit respectively as being selected sample, also comprising afterwards described installation kit of all categories after classification:
Being selected sample described in detection and recording testing result, when being selected sample described in detecting for time dangerous, continuing the security of being selected all application program installation kits of sample place classification described in detecting.
8. the security of application program installation kit detects a server, it is characterized in that, comprising:
Parsing module, for resolving application program installation kit to be detected, obtains the characteristic information of described installation kit;
Sort module, for according to the described characteristic information obtained, classifies to described installation kit;
Screening module, for according to preset rules, filters out corresponding installation kit respectively as being selected sample described installation kit of all categories after classification;
Detection module, for being selected sample described in detecting and recording testing result, using the described testing result being selected sample as the described testing result being selected all application program installation kits of sample place classification.
9. server as claimed in claim 8, is characterized in that, described detection module also for:
When to be selected sample described in detection be safe, the testing result being selected all application program installation kits of sample place classification described in record is safety.
10. as claimed in claim 8 or 9 server, is characterized in that, described parsing module also for:
Resolve application program installation kit to be detected, check the attribute information of described installation kit, obtain the title of described installation kit, version and certificate signature.
11. servers as claimed in claim 10, is characterized in that, described sort module also for:
According to the described characteristic information obtained, identical credentials signature and described installation kit that is identical and/or similar names are divided into same classification.
12. servers as claimed in claim 8 or 9, is characterized in that, also comprise:
Computing module, for according to the described characteristic information obtained, calculates and obtains the danger coefficient of described installation kit.
13. servers as claimed in claim 12, is characterized in that, described screening module also for:
According to installation kit version and danger coefficient from high to low, the installation kit of predetermined number is filtered out respectively as being selected sample described installation kit of all categories after classification.
14. servers as claimed in claim 8, is characterized in that, described detection module also for:
Being selected sample described in detection and recording testing result, when being selected sample described in detecting for time dangerous, continuing the security of being selected all application program installation kits of sample place classification described in detecting.
CN201410007179.3A 2014-01-07 2014-01-07 Application program installation package safety detection method and server Pending CN104766008A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410007179.3A CN104766008A (en) 2014-01-07 2014-01-07 Application program installation package safety detection method and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410007179.3A CN104766008A (en) 2014-01-07 2014-01-07 Application program installation package safety detection method and server

Publications (1)

Publication Number Publication Date
CN104766008A true CN104766008A (en) 2015-07-08

Family

ID=53647830

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410007179.3A Pending CN104766008A (en) 2014-01-07 2014-01-07 Application program installation package safety detection method and server

Country Status (1)

Country Link
CN (1) CN104766008A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105912367A (en) * 2016-04-18 2016-08-31 徐亚萍 Method for preventing error downloading of installation package
CN106502879A (en) * 2015-09-07 2017-03-15 中国移动通信集团公司 A kind of method and device for realizing applications security detection
CN106557505A (en) * 2015-09-28 2017-04-05 北京国双科技有限公司 A kind of information classification approach and device
CN106934284A (en) * 2015-12-30 2017-07-07 北京金山安全软件有限公司 A kind of application program detection method, device and terminal
CN107085684A (en) * 2016-02-16 2017-08-22 腾讯科技(深圳)有限公司 The detection method and device of performance of program
CN108959919A (en) * 2018-05-25 2018-12-07 合肥利元杰信息科技有限公司 A kind of technological service program downloading system
CN111737692A (en) * 2020-08-17 2020-10-02 腾讯科技(深圳)有限公司 Application program risk detection method and device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102831338A (en) * 2012-06-28 2012-12-19 北京奇虎科技有限公司 Security detection method and system of Android application program
CN102831149A (en) * 2012-06-25 2012-12-19 腾讯科技(深圳)有限公司 Sample analyzing method, device and storage medium
CN103312887A (en) * 2012-12-28 2013-09-18 武汉安天信息技术有限责任公司 Mobile phone application tampering recognition system, method and device
CN103473504A (en) * 2013-09-25 2013-12-25 西安交通大学 Android malicious code detection method based on class analysis

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102831149A (en) * 2012-06-25 2012-12-19 腾讯科技(深圳)有限公司 Sample analyzing method, device and storage medium
CN102831338A (en) * 2012-06-28 2012-12-19 北京奇虎科技有限公司 Security detection method and system of Android application program
CN103312887A (en) * 2012-12-28 2013-09-18 武汉安天信息技术有限责任公司 Mobile phone application tampering recognition system, method and device
CN103473504A (en) * 2013-09-25 2013-12-25 西安交通大学 Android malicious code detection method based on class analysis

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106502879A (en) * 2015-09-07 2017-03-15 中国移动通信集团公司 A kind of method and device for realizing applications security detection
CN106557505A (en) * 2015-09-28 2017-04-05 北京国双科技有限公司 A kind of information classification approach and device
CN106934284A (en) * 2015-12-30 2017-07-07 北京金山安全软件有限公司 A kind of application program detection method, device and terminal
CN106934284B (en) * 2015-12-30 2020-02-11 北京金山安全软件有限公司 Application program detection method and device and terminal
CN107085684B (en) * 2016-02-16 2020-02-07 腾讯科技(深圳)有限公司 Program feature detection method and device
CN107085684A (en) * 2016-02-16 2017-08-22 腾讯科技(深圳)有限公司 The detection method and device of performance of program
CN105912367A (en) * 2016-04-18 2016-08-31 徐亚萍 Method for preventing error downloading of installation package
CN108959919A (en) * 2018-05-25 2018-12-07 合肥利元杰信息科技有限公司 A kind of technological service program downloading system
CN111737692A (en) * 2020-08-17 2020-10-02 腾讯科技(深圳)有限公司 Application program risk detection method and device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN104766008A (en) Application program installation package safety detection method and server
US20160241589A1 (en) Method and apparatus for identifying malicious website
CN106126015B (en) A kind of application program launching control method and terminal
US8856945B2 (en) Dynamic security question compromise checking based on incoming social network postings
CN105988836B (en) Application recommendation method and device
CN106453767A (en) Method and device for detecting failure after dropping
EP2994828B1 (en) Apps store with integrated test support
CN105630685A (en) Method and device for testing program interface
CN104184587A (en) Voiceprint generation method, voiceprint generation server, client and voiceprint generation system
CN106709346B (en) Document handling method and device
CN108875388A (en) Real-time risk control method, device and computer readable storage medium
CN105335653A (en) Abnormal data detection method and apparatus
CN107734616A (en) Closing application program method, apparatus, storage medium and electronic equipment
CN106529312A (en) Method and device for permission control of mobile terminal, and mobile terminal
CN106569860A (en) Application management method and terminal
CN109062468A (en) Multi-screen display method, device, storage medium and electronic equipment
CN108520177B (en) Application software management method and device, mobile terminal and readable storage medium
CN105940642B (en) Information display method, terminal and server
CN104200164B (en) A kind of checking and killing method, device and the terminal of loader Loader viruses
US20140007206A1 (en) Notification of Security Question Compromise Level based on Social Network Interactions
CN103870378A (en) Monitoring method for terminal device and terminal device
CN105320701A (en) Method and device for screening function point test implementing ways, and terminal
CN103269341A (en) Spyware analysis method and computer system
CN103729283B (en) System log output method and device and terminal device
CN107704356B (en) Exception stack information acquisition method, device and computer readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150708