CN104992112B - The method and apparatus for detecting Android system sensitive information leakage - Google Patents
The method and apparatus for detecting Android system sensitive information leakage Download PDFInfo
- Publication number
- CN104992112B CN104992112B CN201510255820.XA CN201510255820A CN104992112B CN 104992112 B CN104992112 B CN 104992112B CN 201510255820 A CN201510255820 A CN 201510255820A CN 104992112 B CN104992112 B CN 104992112B
- Authority
- CN
- China
- Prior art keywords
- function
- built
- sensitive information
- application
- sendtobytes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6281—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
Abstract
The method of detection Android system sensitive information leakage of the present invention, at natinve layers by built-in function ioctl (), built-in function sendToBytes () and built-in function SSLWrite () function name prefixing, and to built-in function ioctl (), built-in function sendToBytes () and built-in function SSLWrite () shell adding formation shell function, the built-in function ioctl () of shell adding can carry out stain mark to application process to be measured, the built-in function sendToBytes () and built-in function SSLWrite () of shell adding can carry out the stain inspection of plaintext and ciphertext to application process to be measured, so as to reduce false dismissal probability, in application layer, the enough self-defined sensitive informations of control module potential energy, and the degree of danger of application to be measured is calculated and early warning, therefore static pitching pile need not be carried out to application to be measured, also without reconstruct performing environment, natinve layers of dynamic dust detection can be realized, and detect environment layering interconnection, realize simple, being capable of early warning danger classes.
Description
Technical field
The invention belongs to detect sensitive information leakage field, and in particular to a kind of detection Android system sensitive information leakage
Method and apparatus.
Background technology
Because Android such as increases income at the characteristic, Android has become the most popular mobile terminal operating system in the whole world.
Show that android system occupation rate of market is according to StrategyAnalytics 2014 third season investigational datas
83.6%, occupy Mobile operating system market first.With the extensive use of Android mobile devices, large-scale malicious application
Also produce therewith.To 2013, the share that Android accounts for the mobile malicious application in the whole world was 97%.
It is can be seen that by a large amount of unofficial markets (including official market google play) application issued due to lacking
Weary effective testing mechanism, malicious application is spread unchecked.Malicious application is broadly divided into consuming resource-type, destroys system type, maliciously deducts fees
Type, steals private data type etc..Nowadays, many users save a large amount of individual privacy data in mobile terminal, and a lot
Business people also saving trade secret data, and these data turn into the target that increasing malicious application is stolen.
The method of detection android privacy leakage main flows has static and two kinds of dynamic at present.Static method is compiled by counter
Translate the sensitive data leakage approach whether having in scientific discovery source code.Behavioural information when dynamic approach is collection procedure operation,
And interacting between application program and external environment condition is detected, so as to determine whether malicious act.Dynamic stain analysis is a kind of
Typical privacy leakage detection method, it usually needs three links, stain mark, tainting and dust detection, belong to dynamic
The category of detection method.
The existing detection method based on stain is typically by specific blot detecting system is customized, to android systems
System or simulator carry out either statically or dynamically pitching pile, add stain label, trigger corresponding behavior, are examined when program is run
Survey.These methods are required for greatly the complicated Android system or simulator environment of configuration, and pitching pile process is more complicated, generally difficult
Accurately to trigger malicious act, the leakage of password of stain data etc. can not be also detected.
At present, Chinese patent application publication No. is that CN103177210A discloses one kind implantation dynamic dirt in Android
The method of point analysis module, this method carries out static pitching pile to the system class libraries and application program of android system, by resetting
Performing environment is reconstructed to the method for virtual machine run function, application program can quote the system class libraries after pitching pile when loading,
In running, dynamic stain trace analysis is implemented in dynamic stain analysis module synchronous operation.Although this method need not be changed
Android system source code and system architecture, but static pitching pile will be carried out to system class libraries and application to be measured, in addition it is also necessary to reconstruct
Performing environment, realizes complicated, and can not detect that stain data are revealed with ciphertext form, more can not self-defined sensitive data source and pre-
Danger classes of alert prompting application to be measured etc..
The content of the invention
The present invention is carried out to solve above-mentioned problem, it is therefore intended that provide a kind of realization simply, can be self-defined quick
Sense information and the detection Android that the stain data revealed in plaintext or cipher text form and energy early warning danger classes can be detected simultaneously
The method and apparatus of system sensitive information leakage.
Realize simple, self-defined sensitive information and can detect simultaneously with plaintext or cipher text shape the invention provides one kind
The method of the stain data of formula leakage and the detection Android system sensitive information leakage of energy early warning danger classes, it is characterised in that
Comprise the following steps:Step 1, by built-in function ioctl (), built-in function sendtoBytes () and built-in function SSL_write ()
Function name prefixing, then formed so files, import native layers of android in;
Step 2, it is built-in function ioctl (), built-in function sendtoBytes () and built-in function SSL_write () is corresponding
Built-in function ioctl (), built-in function sendtoBytes () and storehouse that function body passes through prefixing corresponding in invocation step 1
Function SSL_write () forms corresponding shell function respectively, then forms so files, imports in native layers of android;
Step 3, sensitive information is defined, the information of all sensitive information processes and application process to be measured is stored in shared region
In;
Step 4, when the purpose that application process to be measured calls the built-in function ioctl () to carry out process communication and access is entered
When journey belongs to coexistence, using sensitive information process, the constant stain data of mark and the triple for accessing sensitive information weight
Stain mark pattern carries out stain to the application process to be measured and marks to form label information, and will be corresponding in shared region
Marked positions position, by the shared marked data for depositing area of the constant stain data Cun Chudao of the mark;
Step 5, the data sent according to label information to shell function sendtoBytes () and shell function SSL_write ()
Bag carries out dust detection;
Step 6, judge whether the packet comprising label information needs to detect again;
Step 7, the access sensitive information weight sum and early warning application process to be measured in application process to be measured are calculated
Danger classes.
The method of the detection Android system sensitive information leakage of the present invention can also have the feature that:Wherein, shell letter
Several function signatures and built-in function ioctl (), built-in function sendtoBytes () and built-in function SSL_write () function
Signature just as.
The method of the detection Android system sensitive information leakage of the present invention can also have the feature that:Wherein, institute is worked as
When stating application to be measured not using AES, shell function sendtoBytes () send for clear data bag, shell function SSL_
The ciphertext packet for transport layer SSL encryption that write () is sent;When the application to be measured uses AES, two shells
Function all sends ciphertext packet.
The method of the detection Android system sensitive information leakage of the present invention can also have the feature that:Wherein, step 6
Comprise the steps of:
Step 6-1, checked data and weight of packet of the caching comprising label information to shared region;Step
6-2, if checked data are consistent with marked data, remarked to set to 0, if checked data and
Marked data are inconsistent, then remarked keeps in checked data value to put 1, re-start stain mark and examine
Survey.
Present invention additionally comprises the device of detection Android system sensitive information leakage, it is characterised in that includes:Stain mark
Module is remembered, positioned at native layer of android, for application process progress stain mark to be detected;Dust detection module,
Positioned at native layers of android, for filtering and intercepting and capturing shell function sendtoBytes () and shell function SSL_write () hairs
The packet sent;Control module, positioned at android application layers, for User Defined sensitive information, voluntarily searches all sensitivities
The information of information process and application process to be detected is simultaneously write in shared region, receives the described of the dust detection module transmission
Packet, and the packet is calculated, to danger of application process to be detected described in testing staff's early warning etc.
Level;And sharing storage module, positioned at the global data area of process, for storing the application process to be detected, sensitive letter
Breath process and label information.
The effect of invention and effect
According to the method for detection Android system sensitive information leakage involved in the present invention, by by natinve layers
Built-in function ioctl (), built-in function sendtoBytes () and built-in function SSL_write () function name prefixing, and it is right
Built-in function ioctl (), built-in function sendtoBytes () and built-in function SSL_write () shell adding formation shell function, shell adding
Built-in function ioctl () can carry out stain mark, the built-in function sendtoBytes () of shell adding and storehouse to application process to be measured
Function SSL_write () can carry out the stain inspection of plaintext and ciphertext to application process to be measured, so that it is general to reduce missing inspection
Rate, in application layer, control module can self-defined sensitive information, and the degree of danger of application to be measured is calculated and early warning
Prompting, therefore the method for detection Android system sensitive information leakage involved in the present invention need not carry out static state to application to be measured
Pitching pile, it is not required that reconstruct performing environment, you can to realize natinve layers of dynamic dust detection, and detect that environment is layered
Interconnection, is realized simply, and being capable of early warning danger classes.
Brief description of the drawings
Fig. 1 is the flow chart of the method for detection Android system sensitive information leakage in embodiments of the invention;And
Fig. 2 is the structure chart of the device of detection Android system sensitive information leakage in embodiments of the invention.
Case is embodied
In order that the technical means, the inventive features, the objects and the advantages of the present invention are easy to understand, it is real below
Example combination accompanying drawing is applied to be specifically addressed the method and apparatus of the detection Android system sensitive information leakage of the present invention.
In Android, some sensitive informations, such as address list, photograph album, view log etc., all it is to be taken with system
The form storage of business, will access these information, it is necessary to access corresponding service processes.
Malicious application obtains sensitive information data, largely can be sent to remote server by network.These sensitivity letters
Breath data are sent by plaintext or cipher text.The two local built-in functions called are sendtoBytes () and SSL_write ().
Fig. 1 is the flow chart of the method for detection Android system sensitive information leakage in embodiments of the invention.
As shown in figure 1, the method for detection Android system sensitive information leakage is used to detect the malicious application in Android system
Program, prevents malicious application from propagating wantonly, and the method for detection Android system sensitive information leakage of the invention is realized simply, can be certainly
Define sensitive information and the stain data revealed in plaintext or cipher text form and energy early warning danger classes can be detected simultaneously.Detection
The method 100 of Android system sensitive information leakage is comprised the steps of:
Step S1, exports built-in function ioctl (), the built-in function sendtoBytes included in android local librarys respectively
() and built-in function SSL_write () shared library file, resolution file obtain file prototype, the built-in function ioctl then given
(), built-in function sendtoBytes () and built-in function SSL_write () function name prefixing, are compiled into so files, again
Import in local library layer.
Function name prefixing is given, such as adds " ctlmark_ ", obtains with ctlmark_ioctl (), ctlmark_
The form of sendtoBytes (), ctlmark_SSL_write () name, will be with ctlmark_ioctl (), ctlmark_
The built-in function of sendtoBytes (), ctlmark_SSL_write () name is compiled into after so files, and local library layer is imported again
In.Subsequently into step S2.
Step S2, by built-in function ioctl (), built-in function sendtoBytes () and the built-in function SSL_write ()
Built-in function ioctl (), built-in function sendtoBytes () of the corresponding function body by prefixing corresponding in invocation step 1
And built-in function SSL_write () forms corresponding shell function respectively, so files are then formed, are imported in local library layer.
Stain mark module:
Mark.so includes following content:
ioctl(para…){
Stain mark function code;
Pass ginseng code;
return ctlmark_ioclt(para…);
}
Dust detection module:
Check.so includes following content:
sendToBytes(para…){
Detect function code;
Pass ginseng code;
return ctlmark_sendToBytes(para…);
}
SSLWrite(para…){
Detect function code;
Pass ginseng code;
return ctlmark_SSLWrite(para…);
}
Finally by mark.so, check.so is imported in local library layer.
Subsequently into step S3.
Step S3, in application layer, self-defined sensitive information, by all sensitive information processes and the information of application process to be measured
It is stored in shared region.
In application layer, control module apk files are installed, user's self-defined sensitive information in the control module, then, control
Molding block searches the PID of all sensitive information processes and the PID of application process to be measured, the PID of following sensitive information process automatically
Represented with SPID, the PID of application process to be measured is represented with MPID, and SPID and MPID are stored in shared region.Subsequently into
Step S4.
Step S4, when MPID calls built-in function ioctl () to carry out process communication, if the PID of purpose process belongs to altogether
Area is enjoyed, then the PID progress stains of purpose process are marked to form label information, mark pattern is triple<SPID, data,
weight>, wherein, SPID is the PID of sensitive information process, and data is the constant stain data of mark, and weight is to access quick
Feel the weight of information, then by corresponding marked positions position in shared region, and data is stored into the marked to shared region
In data.Subsequently into step S5.
Step S5, the number sent according to label information to shell function sendtoBytes () and shell function SSL_write ()
Dust detection is carried out according to bag.
When AES is not used in MPID, shell function sendtoBytes () send for clear data bag, shell function
The ciphertext packet for transport layer SSL encryption that SSL_write () is sent;When MPID uses AES, two shell functions
All send ciphertext packet.
If shell function sendtoBytes () is intercepted and captured in the marked positions position in shared region, dust detection module detection
The packet that the packet and shell function SSL_write () of transmission are sent, and it is sent to control module.Such as the PID of purpose process
For the PID marked by stain, then control module is sent to, if the PID of purpose process is not labeled, abandoned.Then enter
Enter step S6.
Step S6, judges whether the packet comprising label information needs to detect again.
Control module does following processing after receiving packet:
Step S6-1, temporary cache<SPID,data,weight>Packet to shared memory checked data,
Weight.
Step S6-2, judges whether the packet comprising label information needs to examine again, as checked data and marked
Data it is consistent when, such as the marked data marked are " 0000 ", and the checked data received are also " 0000 ",
Then remarked is sets to 0, subsequently into step S7;When checked data and marked data it is inconsistent when,
Remarked is set to 1, keeps in the checked data values, subsequently into step S4, re-starts stain mark and detects, if
The checked data received can reappear before checked data, then record the SPID and corresponding that MPID is accessed
Weight is into shared region.The marked data such as marked are " 0000 ", and the checked data received are " 8888 ", then
Secondary mark marked data are " 0000 ", examine the checked dataa whether reproducible " 8888 " received.Can also again more
A constant value is changed to be verified.
Step S7, in application layer, calculates in shared region the corresponding all SPID of same MPID weight sums and pre-
Alert prompting MPID danger classes, subsequently into done state.
Fig. 2 is the structure chart of the device of detection Android system sensitive information leakage in embodiments of the invention.
As shown in Fig. 2 the device 200 of detection Android system sensitive information leakage is included:Stain mark module 210 and stain
Detection module 220, control module 230, sharing storage module 240.
Stain mark module 210 is located at native layers of android, during for application process IPC communications to be detected,
Carry out stain mark.Built-in function the ioctl () shell adding communicated by IPC BinDer forms shell function to realize that stain marks work(
Energy.The built-in function ioctl () of shell adding is located in native layers of android shared library mark.so.
Dust detection module 220 is located at native layers of android, for filtering and intercepting and capturing shell function sendtoBytes ()
The packet sent with shell function SSL_write ().By to built-in function sendtoBytes () and built-in function SSL_write
() shell adding forms shell function to realize the function of dust detection.The built-in function sendtoBytes () and built-in function SSL_ of shell adding
Write () is located in native layers of android shared library check.so.
Control module 230 is located at android application layers, for User Defined sensitive information list, voluntarily searches
The PID of the sensitive information process and PID of malicious process, and shared memory is write, startup waits for thread and receives dust detection mould
The packet that block is sent, is calculated and to testing staff's early warning danger classes.
Sharing storage module 240, positioned at the global data area of control module process, for storing the application to be detected
Process, sensitive information process and label information.
The effect of embodiment and effect
The method of detection Android system sensitive information leakage according to involved by the present embodiment, by being incited somebody to action at natinve layers
Built-in function ioctl (), built-in function sendtoBytes () and built-in function SSL_write () function name prefixing, and it is right
Built-in function ioctl (), built-in function sendtoBytes () and built-in function SSL_write () shell adding formation shell function, shell adding
Built-in function ioctl () can carry out stain mark, the built-in function sendtoBytes () of shell adding and storehouse to application process to be measured
Function SSL_write () can carry out the stain inspection of plaintext and ciphertext to application process to be measured, so that it is general to reduce missing inspection
Rate, in application layer, control module can self-defined sensitive information, and the degree of danger of application to be measured is calculated and early warning
Prompting, therefore the method for the detection Android system sensitive information leakage involved by the present embodiment need not be quiet to application to be measured progress
State pitching pile, it is not required that reconstruct performing environment, you can to realize natinve layers of dynamic dust detection, and detect environment point
Layer interconnection, is realized simply, and being capable of early warning danger classes.
Above-mentioned embodiment is the preferred case of the present invention, is not intended to limit protection scope of the present invention.
Claims (5)
1. a kind of method for detecting Android system sensitive information leakage, for detecting the malicious application in Android system, prevents
The only propagation of malicious application, it is characterised in that comprise the following steps:
Step 1, by built-in function ioctl (), built-in function sendtoBytes () and built-in function SSL_write () function name
Prefixing, then forms so files, imports in native layers of android;
Step 2, by the built-in function ioctl (), the built-in function sendtoBytes () and the built-in function SSL_write
Built-in function ioctl (), built-in function sendtoBytes of () the corresponding function body by prefixing corresponding in invocation step 1
() and built-in function SSL_write () form corresponding shell function respectively, then form so files, import android
In native layers;
Step 3, in application layer, sensitive information is defined, the information of all sensitive information processes and application process to be measured is stored in
In shared region;
Step 4, when the purpose that the application process to be measured calls the built-in function ioctl () to carry out process communication and access is entered
When journey belongs to the shared region, using sensitive information process, the constant stain data of mark and the three of access sensitive information weight
Tuple stain mark pattern carries out stain to the application process to be measured and marks to form label information, and will be right in the shared region
The marked positions position answered, by the marked data of shared region described in the constant stain data Cun Chudao of the mark;
Step 5, the data sent according to the label information to shell function sendtoBytes () and shell function SSL_write ()
Bag carries out dust detection;
Step 6, judge whether the packet comprising the label information needs to detect again;
Step 7, in application layer, the access sensitive information weight sum and early warning in the application process to be measured are calculated
The danger classes of the application process to be measured.
2. the method for detection Android system sensitive information leakage according to claim 1, it is characterised in that:
Wherein, the function signature of the shell function and the built-in function ioctl (), the built-in function sendtoBytes () and
The function signature of the built-in function SSL_write () just as.
3. the method for detection Android system sensitive information leakage according to claim 1, it is characterised in that:
Wherein, when AES is not used in the application to be measured, the shell function sendtoBytes () send for plaintext number
The ciphertext packet for transport layer SSL encryption sent according to bag, the shell function SSL_write ();When the application to be measured makes
When using AES, two shell functions all send ciphertext packet.
4. the method for detection Android system sensitive information leakage according to claim 1, it is characterised in that:
Wherein, step 6 is comprised the steps of:
Step 6-1, caching comprising the label information the packet to the shared region checked data and
Weight;
Step 6-2, if the checked data are consistent with the marked data, remarked is sets to 0, if institute
State checked data and the marked data are inconsistent, then remarked keeps in the checked data's to put 1
Value, re-starts stain mark and detects.
5. a kind of usage right requires the method for the detection Android system sensitive information leakage described in 1 to 4 any one to detect peace
The device of tall and erect system sensitive information leakage, it is characterised in that include:
Stain mark module, positioned at native layers of android, for carrying out stain mark to application process to be detected;
Dust detection module, positioned at native layers of android, for filtering and intercepting and capturing shell function sendtoBytes () and shell letter
The packet that number SSL_write () is sent;
Control module, positioned at android application layers, for User Defined sensitive information, voluntarily searches all sensitive informations and enters
Journey and application process to be detected are simultaneously write in shared region, receive the packet that the dust detection module is sent, and right
The packet is calculated, the danger classes to application process to be detected described in testing staff's early warning;And
Sharing storage module, positioned at the global data area of process, enters for storing the application process to be detected, sensitive information
Journey and label information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510255820.XA CN104992112B (en) | 2015-05-19 | 2015-05-19 | The method and apparatus for detecting Android system sensitive information leakage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510255820.XA CN104992112B (en) | 2015-05-19 | 2015-05-19 | The method and apparatus for detecting Android system sensitive information leakage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104992112A CN104992112A (en) | 2015-10-21 |
| CN104992112B true CN104992112B (en) | 2017-10-13 |
Family
ID=54303925
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510255820.XA Expired - Fee Related CN104992112B (en) | 2015-05-19 | 2015-05-19 | The method and apparatus for detecting Android system sensitive information leakage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104992112B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105825087B (en) * | 2016-03-16 | 2019-07-26 | 福建联迪商用设备有限公司 | The guard method of ELF shared library and its system |
| CN107958018B (en) * | 2017-10-17 | 2021-06-11 | 北京百度网讯科技有限公司 | Method and device for updating data in cache and computer readable medium |
| CN109409080B (en) * | 2018-10-09 | 2021-03-19 | 北京北信源信息安全技术有限公司 | Auditing method and device for HTTPS of browser |
| CN110413420B (en) * | 2019-01-23 | 2024-01-30 | 腾讯科技(深圳)有限公司 | Data transmission method, device, terminal and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103559446A (en) * | 2013-11-13 | 2014-02-05 | 厦门市美亚柏科信息股份有限公司 | Dynamic virus detection method and device for equipment based on Android system |
| CN104504337A (en) * | 2014-12-31 | 2015-04-08 | 中国人民解放军理工大学 | Method for detecting malicious application disclosing Android data |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080016339A1 (en) * | 2006-06-29 | 2008-01-17 | Jayant Shukla | Application Sandbox to Detect, Remove, and Prevent Malware |
| KR101122650B1 (en) * | 2010-04-28 | 2012-03-09 | 한국전자통신연구원 | Apparatus, system and method for detecting malicious code injected with fraud into normal process |
-
2015
- 2015-05-19 CN CN201510255820.XA patent/CN104992112B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103559446A (en) * | 2013-11-13 | 2014-02-05 | 厦门市美亚柏科信息股份有限公司 | Dynamic virus detection method and device for equipment based on Android system |
| CN104504337A (en) * | 2014-12-31 | 2015-04-08 | 中国人民解放军理工大学 | Method for detecting malicious application disclosing Android data |
Non-Patent Citations (2)
| Title |
|---|
| 《基于信息流策略的污点传播分析及动态验证》;黄强等;《软件学报》;20111231;第2036页至2048页 * |
| 《跨主机动态污点跟踪技术研究》;任飞飞等;《计算机工程》;20130331;第39卷(第3期);第162页至166页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104992112A (en) | 2015-10-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104992112B (en) | The method and apparatus for detecting Android system sensitive information leakage | |
| CN109492378A (en) | A kind of auth method based on EIC equipment identification code, server and medium | |
| CN103368957B (en) | Method and system that web page access behavior is processed, client, server | |
| US9280665B2 (en) | Fast and accurate identification of message-based API calls in application binaries | |
| CN108229158B (en) | Method for protecting user privacy information stored in Android | |
| CN106874761A (en) | A kind of Android system malicious application detection method and system | |
| CN105956474A (en) | Abnormal behavior detection system of Android platform software | |
| CN112003920B (en) | Information sharing system | |
| US10686821B2 (en) | Analysis of mobile applications | |
| US10754717B2 (en) | Fast and accurate identification of message-based API calls in application binaries | |
| CN105653947B (en) | The method and device of data safety risk is applied in a kind of assessment | |
| CN106599688A (en) | Application category-based Android malicious software detection method | |
| CN105897663A (en) | Method for determining access authority, device and equipment | |
| CN103095693A (en) | Method for positioning and accessing database user host information | |
| CN108965251B (en) | A kind of safe mobile phone guard system that cloud combines | |
| CN107665313A (en) | Sensitive information methods of exhibiting, device, storage medium and computer equipment | |
| Harborth et al. | A two-pillar approach to analyze the privacy policies and resource access behaviors of mobile augmented reality applications | |
| CN108712253B (en) | Counterfeit mobile terminal identification method and device based on fingerprint of mobile phone sensor | |
| CN112257037A (en) | Process watermarking method and system and electronic equipment | |
| CN107563639B (en) | Information system risk assessment device and method based on fault tree | |
| CN113434588B (en) | Data mining analysis method and device based on mobile communication ticket | |
| CN105678187A (en) | Intelligent terminal privacy data protection method and system based on Android system | |
| CN104462392A (en) | Statistical method and statistical device for sharing return traffic | |
| CN113987468A (en) | Security check method and security check device | |
| CN114090785A (en) | Service processing method, device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20171013 Termination date: 20200519 |