CN104834858A - Method for statically detecting malicious code in android APP (Application) - Google Patents
Method for statically detecting malicious code in android APP (Application) Download PDFInfo
- Publication number
- CN104834858A CN104834858A CN201510202311.0A CN201510202311A CN104834858A CN 104834858 A CN104834858 A CN 104834858A CN 201510202311 A CN201510202311 A CN 201510202311A CN 104834858 A CN104834858 A CN 104834858A
- Authority
- CN
- China
- Prior art keywords
- text
- user interface
- android
- code
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Abstract
The invention discloses a method for statically detecting a malicious code in an android APP (Application). The method comprises the following steps of preprocessing android software, and disassembling the android APP to obtain a java source code by virtue of decompiling software; performing a series of lexical and syntactic analysis on the java source code to obtain user interface text information; judging whether the APP has a malicious behavior or not according to the matching degree of the user interface text information and a calling interface in the APP. According to the method, various technical means such as lexical analysis and syntactic analysis can be adopted for scanning an APP file to generate a disassembling code of the APP under the condition of not running a code, and then the disassembling code is read to master a function of the APP, so that the malicious code in the android APP is detected.
Description
Technical field
The present invention relates to a kind of stationary detection technique of Android platform malicious code, belong to mobile application security technical field.
Background technology
Along with the develop rapidly of 3G network, increasing user brings into use mobile intelligent terminal, and wherein Android intelligent seizes rapidly smart mobile phone market due to its increasing income property and high performance-price ratio.While new features appear in smart mobile phone, various novel safety problem is also following.
Application market makes software be on sale throughout, installs and upgrade integration, and therefore developer can be put into application program in application market easily, and people also can obtain easily and use corresponding application program from application market.The mobility in market brings great challenge to safety problem.The application program of fast Development and deployment, rough permission system, the behavior of invasion of privacy and limited security model result in the recycling to mobile phone and application program.Even if people wish that application market really instead of on the surface can provide security mechanism, but application market is not but accomplished.General definition is lacked to safety and widely apply the appearance of program enable some malice, problematic and pregnable application program pours in application market.Thus causing user to be more and more easily subject to the attack of Malware, smart mobile phone safety problem has become the focal issue that user pays close attention to.Malware keeps stable speed increasing always.
At present, various analytical approach mainly concentrates on static analysis and performance analysis two general orientation.Static analysis method is method derivation program code by reverse-engineering or false code, and whether carry out determining program by the data stream in routine analyzer and instruction stream is rogue program.Dynamic-analysis method refers to and is being subject to analog subscriber executive software in the environment (usual sandbox or virtual machine) comprehensively controlled, and by the state change before and after comparison system operating software, extracts the behavior of program, finally reaches a conclusion.Dynamic monitoring requires real-time, and advantage is the impact can getting rid of Code obfuscation.Detect with dynamic behaviour and compare, static behavior detects due to without the need to virtual machine, sandbox etc., the low advantage of energy consumption is detected so have, and risk is also lower, dynamic behaviour is not had to detect the requirement of real-time high (needing to detect when program is run because dynamic behaviour detects) yet.But there is the difficulty that sample acquisition difficulty is high equally.
Summary of the invention
In order to solve the problem, the invention provides the static detection method of malicious code in a kind of android application, principle of the present invention is, carries out pre-service to android software, with decompiling software, dis-assembling is carried out to android application A PP, obtain java source code; Again a series of morphology, grammatical analysis are carried out to java source code, obtain the text message of user interface; Finally by the matching degree of user interface text message and program intrinsic call interface being differentiated to the whether despiteful behavior of application program exists.Realization of the present invention needs the common intention in more pre-defined android APP, and as sent note, dialing, HTTP link, installing other plug-in unit or application etc., the inventive method specifically comprises the steps:
1, Android software pre-service
Disassemblers is utilized to obtain java bytecode, then by decompiling instrument directly with the content in the form of source code display jar file; In the file that decompiling obtains, comprise AndroidManifest.xml file and java source code, in xml file, obtain metamessage (comprising log-on message and the entrance of Activity, Service etc.) and the authority application information of source code.
2, controlling stream graph generates
Through to source code pre-service, after morphology grammatical analysis, obtain abstract syntax tree (AST), then obtain the controlling stream graph of source code and data stream and function call graph, to carry out static analysis based on abstract syntax tree.
3, safety rule is resolved
Resolve safety rule, the crucial API Calls defined in search rule, and the relation of API Calls and this control called of triggering text message of correspondence in resource file, thus differentiate the existence of safety problem.Preferred definition SendSms, PhoneCall, HttpAccess, Install, SmsNotify, UiOperation six class intention type, according to calling of program inside API, is divided into behavior in the middle of a certain class in this classification.
4, user interface text is obtained
By scanning XML resource file, search the text that No. ID, control is corresponding.
5, text analyzing
After getting text, by the set of keywords of the corresponding intention of training structure one association, Stanford Parser is used to resolve the text of key word.
6, UI compatibility detects
Determine whether Android application program exists malicious act by matched rule.
By judging whether there is conflict between the program behavior (UI interface) that user interface user expects and practical programs behavior, detect android application program malicious act.
Further, the method obtaining user interface text is specially:
For the method function of user interface layer, first corresponding text is extracted, built by static topology, Activity assembly, once create, will carry out user interface corresponding to initialization by calling setContentView ([XML layout id]).Android application program is inclined to use XML file to define the interactive interface with user, searched for the constant of TextView attribute by ID from XML file, extract key word wherein, and the keyword dictionary built compares, the keyword generating TextView covers set.
Further, six class intention type of definition are specially:
SendSms, corresponding SMS sends the API of note;
PhoneCall, a corresponding direct dialing;
HttpAccess, the API of corresponding HTTP link;
Install, describes the api interface function for installing with other assemblies or application;
SmsNotify, describing user does not need mandate short message sending behavior, but application thereafter can notify that user there occurs the behavior of short message sending automatically;
UiOperation, a user interface level can show more element with the method function of user interactions.
By adopting technique scheme, the inventive method can realize when not operation code, the various technological means such as lexical analysis, grammatical analysis is adopted to scan program file thus the dis-assembling code of generator program, then read dis-assembling code and grasp program function, thus the malicious code in android application is detected.Utilize technical scheme of the present invention, apply 103 android application of downloading in shop by detecting from third party android, successful verification and measurement ratio reaches 83%, has higher discrimination.
Accompanying drawing explanation
Fig. 1 is android software pre-service block diagram.
Fig. 2 is that controlling stream graph generates block diagram.
Fig. 3 is overview flow chart of the present invention.
Embodiment
Below in conjunction with drawings and Examples, the present invention is described in further detail.
First define 6 kinds of intention intent, the API of these 6 kinds intention correspondences is very common in android APP:
(1) SendSms, this is intended to corresponding SMS and sends the API of note, be included in comprise in SMSManager note data administrative class sendTextMessage (), sendDataMessage (), these 3 kinds of methods of SendMultipartTextMessage ().These API perform through backstage of being everlasting.
(2) PhoneCall, a corresponding direct dialing, namely, triggers with the action of android.intent.action.CALL and calls startActivity ().Malware by dialling when not causing user to note, and then affects auto dialing mechanism.
(3) HttpAccess, this intention describes the API of HTTP link.Because different objects, HTTP is linked in Android application very common.Comprise URL.openConnection, URL.openStream (), AbstractHttpClient.execute () etc.
(4) Install, describes the api interface function for installing with other assemblies or application.
(5) SmsNotify, in some cases, user does not need mandate short message sending behavior, but after this, application can notify that user there occurs the behavior of short message sending automatically.API below our modelling is associated with this intention.ContentResolver.insert () and destination address are provided by URL " content: //sms ".This means that insertion data are in pre-loaded note data storehouse.
(6) UiOperation, a user interface level can show more element with the method function of user interactions, we are associated with UiOperation intention AlertDialog $ Builder.setMessage (), ImageView.setImageBitmap () and View.setBackgroundDrawable ().
The overview flow chart of the inventive method as shown in Figure 3, specifically comprises the steps:
The pre-service of step 1:Android software
As shown in Figure 1, in static analysis process, obtain dis-assembling code is main analytical work, first a powerful disassemblers to be chosen, after obtaining java bytecode, just directly the content in jar file can be shown with the form of source code by decompiling instrument.In the file that decompiling obtains, comprise AndroidManifest.xml file and java source code, in xml file, obtain metamessage (comprising log-on message and the entrance of Activity, Service etc.) and the authority application information of source code.
An Android program is made up of one or more Activity and its assembly, and different Activity realizes different functions, and each program has and only has a main Activity, is also first Activity that program starts and shows.The Activity used in a program needs manually to state in AndroidManifest.xml file, the activity label that statement Activity uses.Find main Activity in the AndroidManifest.xml that decompiling goes out after, directly can remove the dis-assembling code of the OnCreate () method of checking its place class, concerning most software, the code entrance of program that Here it is, all functions are performed all from here on, then can the execution flow process of Trancking Software.
Step 2: controlling stream graph generates
As shown in Figure 2, abstract syntax tree (AST), as the middle form of expression of program, through to source code pre-service, then obtains through morphology grammatical analysis.Can indicate source image intuitively, storage efficiency is high, but cannot represent complicated control flow check information, as selection, loop statement.The controlling stream graph of source code and data stream and function call graph can be obtained, to carry out static analysis based on abstract syntax tree.Controlling stream graph is the intermediate representation form of program, as the basis of functional dependence analysis, control flow analysis and data-flow analysis, can well reflect calling and performing flow process between statement and module.
Step 3: safety rule is resolved
Resolve safety rule, the crucial API Calls defined in search rule, and the relation of API Calls and certain parameter, rreturn value or some resource, thus differentiate the existence of safety problem.Safety analysis rule, general provision to the constraint of key message element in program, as crucial class, key method etc.Respective attributes as fruit, method meets the constraint condition of rule definition, then reporting analysis results.The content of rule relates generally to automatically expend, the common malicious act such as privacy is stolen, system destruction.
Text analyzing, the conflict between the program behavior expected by user interface user (UI interface) and program behavior detects android application program malicious act.First the Text obtaining UI interface is needed, most of android application developer is inclined to use XML file to define the interactive interface with user, thus in XML file, store the constant of this Text attribute, extract key word wherein, the keyword dictionary built compares, the key word generating Text covers set, thus whether the analysis anticipatory behavior of Text and the intrinsic function behavior of program have conflict.
When after intent propagation to the method function of user interface layer, next step is exactly the compatibility detecting user interface text and corresponding call function.
Step 4: obtain user interface text
Suppose the method function of a given user interface layer, need first to extract corresponding text, user interface controls is made up of ViewTree.This tree construction object can reflect the layout of user interface.There are two kinds of methods can build view layout (1) and dynamically build ViewTree by XML resource file (2) in the runtime statically.
Built by static topology, Activity assembly, once create, will carry out user interface corresponding to initialization by calling setContentView ([XML layout id]).Each UI control object has one different No. ID.Detailed description is had in XML file.In code, UI control object obtains by calling findViewByID ([object id]).By scanning XML resource file, search No. ID corresponding text.
Step 5: text analyzing
After getting text, built the set of keywords of a corresponding intention of association by certain training.Stanford Parser is used to resolve the text of key word.Application algorithm below carrys out the minimal set of identidication key (or to).
Algorithm 1 generates key word and covers set.
Select the highest key word k of the frequency of occurrences in a certain period, and k is added in set of keywords.Then all identical key word k in the method function of present user interface layer is removed.Such repetition is until cover all functions.
Step 6:UI compatibility detects
(1) function F of a given user interface layer correspond to UI text S, and have comprise one intention T, if S and T is incompatible, then not thinks and mate.Ineffective law, rule, etc. is not originally mated with any intention T.
(2) if T is SendSms intention and there is SmsNotify intention, the content of text S is all thought to match.
The invention is not restricted to above-described embodiment, all technical schemes adopting equivalent replacement or equivalence replacement to be formed all belong to the scope of protection of present invention.
Claims (4)
1. the static detection method of malicious code in android application, is characterized in that, comprise the steps:
The pretreated step of Android software: carry out decompiling to Android software, comprises AndroidManifest.xml file and java source code in the file that decompiling obtains, obtain metamessage and the authority application information of source code in xml file;
The step that controlling stream graph generates: through to source code pre-service, obtain abstract syntax tree after morphology grammatical analysis, then obtain the controlling stream graph of source code and data stream and function call graph based on abstract syntax tree;
The step that safety rule is resolved: resolve safety rule, the crucial API Calls defined in search rule, and the relation of API Calls and this control called of triggering text message of correspondence in resource file, thus differentiate the existence of safety problem; Definition intention type, according to calling of program inside API, is divided in the middle of the class in this intention type by behavior;
Obtain the step of user interface text: by scanning XML resource file, search the text that No. ID, control is corresponding;
The step of text analyzing: after getting text, by the set of keywords of the corresponding intention of training structure one association, uses Stanford Parser to resolve the text of key word;
The step that UI compatibility detects: by judging whether there is conflict between the program behavior that user interface user expects and the program behavior of reality, detect the malicious act of android application program.
2. method according to claim 1, is characterized in that, the step obtaining user interface text is specially:
For the method function of user interface layer, first extract corresponding text, built by static topology, Activity assembly, once create, will carry out user interface corresponding to initialization by calling setContentView; Android application program is inclined to use XML file to define the interactive interface with user, searched for the constant of TextView attribute by ID from XML file, extract key word wherein, and the keyword dictionary built compares, the keyword generating TextView covers set.
3. method according to claim 1 and 2, is characterized in that in the step of resolving in safety rule, the intention type of definition has SendSms, PhoneCall, HttpAccess, Install, SmsNotify, UiOperation.
4. method according to claim 3, is characterized in that, the intention type of definition is specially:
SendSms, corresponding SMS sends the API of note;
PhoneCall, a corresponding direct dialing;
HttpAccess, the API of corresponding HTTP link;
Install, describes the api interface function for installing with other assemblies or application;
SmsNotify, describing user does not need mandate short message sending behavior, but application thereafter can notify that user there occurs the behavior of short message sending automatically;
UiOperation, a user interface level can show more element with the method function of user interactions.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510202311.0A CN104834858A (en) | 2015-04-24 | 2015-04-24 | Method for statically detecting malicious code in android APP (Application) |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510202311.0A CN104834858A (en) | 2015-04-24 | 2015-04-24 | Method for statically detecting malicious code in android APP (Application) |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104834858A true CN104834858A (en) | 2015-08-12 |
Family
ID=53812740
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510202311.0A Pending CN104834858A (en) | 2015-04-24 | 2015-04-24 | Method for statically detecting malicious code in android APP (Application) |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104834858A (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105184168A (en) * | 2015-09-02 | 2015-12-23 | 青岛工业软件研究所(中国科学院软件研究所青岛分部) | Method for tracking source code vulnerability correlation influence of Android system |
| CN105335655A (en) * | 2015-09-22 | 2016-02-17 | 南京大学 | Android application safety analysis method based on sensitive behavior identification |
| CN106201889A (en) * | 2016-07-15 | 2016-12-07 | 国云科技股份有限公司 | A kind of system and its implementation checking that program code writes specification |
| CN106933645A (en) * | 2017-01-17 | 2017-07-07 | 深圳市能信安科技股份有限公司 | A kind of Apk security risks automatic Static auditing system and method |
| CN106980787A (en) * | 2017-03-30 | 2017-07-25 | 杭州网蛙科技有限公司 | A kind of method and apparatus for recognizing malice feature |
| CN107844687A (en) * | 2017-11-22 | 2018-03-27 | 上海勋立信息科技有限公司 | A kind of Android information intercepting method and device |
| CN107943481A (en) * | 2017-05-23 | 2018-04-20 | 清华大学 | C programmer code specification building method based on multi-model |
| CN108062474A (en) * | 2016-11-08 | 2018-05-22 | 阿里巴巴集团控股有限公司 | The detection method and device of file |
| CN108090360A (en) * | 2018-01-16 | 2018-05-29 | 华南师范大学 | The Android malicious application sorting technique and system of a kind of Behavior-based control feature |
| CN108121701A (en) * | 2017-12-26 | 2018-06-05 | 深圳市海派通讯科技有限公司 | A kind of anti-harassment automatic identifying method and its intelligent terminal |
| CN108241802A (en) * | 2016-12-27 | 2018-07-03 | 卓望数码技术(深圳)有限公司 | A kind of Android platform privacy for polymerizeing multidimensional steals class application automatic identifying method |
| CN109684840A (en) * | 2018-12-20 | 2019-04-26 | 西安电子科技大学 | Based on the sensitive Android malware detection method for calling path |
| CN110162963A (en) * | 2019-04-26 | 2019-08-23 | 肖银皓 | A method of identifying power application program |
| CN110377499A (en) * | 2019-06-06 | 2019-10-25 | 北京奇安信科技有限公司 | The method and device that a kind of pair of application program is tested |
| CN110781081A (en) * | 2019-10-12 | 2020-02-11 | 南京信息职业技术学院 | Mobile application callback forced triggering method, system and storage medium |
| CN111488569A (en) * | 2020-04-09 | 2020-08-04 | 支付宝(杭州)信息技术有限公司 | Authority determining and managing method, device, equipment and medium |
| CN111902816A (en) * | 2018-03-20 | 2020-11-06 | 北京嘀嘀无限科技发展有限公司 | Malicious program detection |
| CN112000572A (en) * | 2020-08-07 | 2020-11-27 | 北京浪潮数据技术有限公司 | Source code scanning tool, method, equipment and medium |
| CN113778877A (en) * | 2021-09-10 | 2021-12-10 | 中金金融认证中心有限公司 | Method for detecting application program installation package and related product |
| CN114371682A (en) * | 2021-11-05 | 2022-04-19 | 中国科学院信息工程研究所 | PLC control logic attack detection method and device |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104462970A (en) * | 2014-12-17 | 2015-03-25 | 中国科学院软件研究所 | Android application program permission abuse detecting method based on process communication |
-
2015
- 2015-04-24 CN CN201510202311.0A patent/CN104834858A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104462970A (en) * | 2014-12-17 | 2015-03-25 | 中国科学院软件研究所 | Android application program permission abuse detecting method based on process communication |
Non-Patent Citations (2)
| Title |
|---|
| 路程: "Android平台恶意软件检测系统的设计与实现", 《中国优秀硕士学位论文全文库(信息科技辑)》 * |
| 郁峰: "Android软件静态分析技术研究进展", 《无线互联科技》 * |
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105184168A (en) * | 2015-09-02 | 2015-12-23 | 青岛工业软件研究所(中国科学院软件研究所青岛分部) | Method for tracking source code vulnerability correlation influence of Android system |
| CN105335655A (en) * | 2015-09-22 | 2016-02-17 | 南京大学 | Android application safety analysis method based on sensitive behavior identification |
| CN106201889A (en) * | 2016-07-15 | 2016-12-07 | 国云科技股份有限公司 | A kind of system and its implementation checking that program code writes specification |
| CN108062474A (en) * | 2016-11-08 | 2018-05-22 | 阿里巴巴集团控股有限公司 | The detection method and device of file |
| CN108241802A (en) * | 2016-12-27 | 2018-07-03 | 卓望数码技术(深圳)有限公司 | A kind of Android platform privacy for polymerizeing multidimensional steals class application automatic identifying method |
| CN106933645A (en) * | 2017-01-17 | 2017-07-07 | 深圳市能信安科技股份有限公司 | A kind of Apk security risks automatic Static auditing system and method |
| CN106980787A (en) * | 2017-03-30 | 2017-07-25 | 杭州网蛙科技有限公司 | A kind of method and apparatus for recognizing malice feature |
| CN107943481A (en) * | 2017-05-23 | 2018-04-20 | 清华大学 | C programmer code specification building method based on multi-model |
| CN107844687A (en) * | 2017-11-22 | 2018-03-27 | 上海勋立信息科技有限公司 | A kind of Android information intercepting method and device |
| CN107844687B (en) * | 2017-11-22 | 2021-06-25 | 上海勋立信息科技有限公司 | Android information intercepting method and device |
| CN108121701A (en) * | 2017-12-26 | 2018-06-05 | 深圳市海派通讯科技有限公司 | A kind of anti-harassment automatic identifying method and its intelligent terminal |
| CN108090360B (en) * | 2018-01-16 | 2021-04-13 | 华南师范大学 | Behavior feature-based android malicious application classification method and system |
| CN108090360A (en) * | 2018-01-16 | 2018-05-29 | 华南师范大学 | The Android malicious application sorting technique and system of a kind of Behavior-based control feature |
| CN111902816A (en) * | 2018-03-20 | 2020-11-06 | 北京嘀嘀无限科技发展有限公司 | Malicious program detection |
| CN109684840B (en) * | 2018-12-20 | 2021-06-25 | 西安电子科技大学 | Android malicious software detection method based on sensitive calling path |
| CN109684840A (en) * | 2018-12-20 | 2019-04-26 | 西安电子科技大学 | Based on the sensitive Android malware detection method for calling path |
| CN110162963A (en) * | 2019-04-26 | 2019-08-23 | 肖银皓 | A method of identifying power application program |
| CN110377499A (en) * | 2019-06-06 | 2019-10-25 | 北京奇安信科技有限公司 | The method and device that a kind of pair of application program is tested |
| CN110781081A (en) * | 2019-10-12 | 2020-02-11 | 南京信息职业技术学院 | Mobile application callback forced triggering method, system and storage medium |
| CN110781081B (en) * | 2019-10-12 | 2024-04-09 | 南京信息职业技术学院 | Mobile application callback forced triggering method, system and storage medium |
| CN111488569A (en) * | 2020-04-09 | 2020-08-04 | 支付宝(杭州)信息技术有限公司 | Authority determining and managing method, device, equipment and medium |
| CN112000572B (en) * | 2020-08-07 | 2022-06-17 | 北京浪潮数据技术有限公司 | Tool, method, equipment and medium for scanning source code |
| CN112000572A (en) * | 2020-08-07 | 2020-11-27 | 北京浪潮数据技术有限公司 | Source code scanning tool, method, equipment and medium |
| CN113778877A (en) * | 2021-09-10 | 2021-12-10 | 中金金融认证中心有限公司 | Method for detecting application program installation package and related product |
| CN114371682A (en) * | 2021-11-05 | 2022-04-19 | 中国科学院信息工程研究所 | PLC control logic attack detection method and device |
| CN114371682B (en) * | 2021-11-05 | 2024-04-05 | 中国科学院信息工程研究所 | PLC control logic attack detection method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104834858A (en) | Method for statically detecting malicious code in android APP (Application) | |
| Li et al. | Understanding android app piggybacking: A systematic study of malicious code grafting | |
| Lei et al. | EveDroid: Event-aware Android malware detection against model degrading for IoT devices | |
| CN108133139B (en) | Android malicious application detection system based on multi-operation environment behavior comparison | |
| KR102415971B1 (en) | Apparatus and Method for Recognizing Vicious Mobile App | |
| US9525706B2 (en) | Apparatus and method for diagnosing malicious applications | |
| CN105893848A (en) | Precaution method for Android malicious application program based on code behavior similarity matching | |
| CN104331662B (en) | Android malicious application detection method and device | |
| CN104834859A (en) | Method for dynamically detecting malicious behavior in Android App (Application) | |
| CN105335655A (en) | Android application safety analysis method based on sensitive behavior identification | |
| CN110704816B (en) | Interface cracking recognition method, device, equipment and storage medium | |
| CN112084497A (en) | Method and device for detecting malicious program of embedded Linux system | |
| CN114077741B (en) | Software supply chain safety detection method and device, electronic equipment and storage medium | |
| Wang et al. | LSCDroid: Malware detection based on local sensitive API invocation sequences | |
| KR101819322B1 (en) | Malicious Code Analysis Module and Method therefor | |
| Elish et al. | A static assurance analysis of android applications | |
| CN108268773B (en) | Android application upgrade package local storage security detection method | |
| Martinelli et al. | Classifying android malware through subgraph mining | |
| CN104038488A (en) | System network safety protection method and device | |
| CN106845235B (en) | A kind of Android platform call back function detection method based on machine learning method | |
| CN112817877B (en) | Abnormal script detection method and device, computer equipment and storage medium | |
| CN102156650A (en) | Method and device capable of implementing automatic analysis of patch | |
| CN110287722B (en) | Sensitive permission extraction method for privacy regulation check in iOS application | |
| CN116932381A (en) | Automatic evaluation method for security risk of applet and related equipment | |
| CN109299610B (en) | Method for verifying and identifying unsafe and sensitive input in android system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150812 |