CN105488361B - Piracy applies detection method and device, system - Google Patents
Piracy applies detection method and device, system Download PDFInfo
- Publication number
- CN105488361B CN105488361B CN201510812589.XA CN201510812589A CN105488361B CN 105488361 B CN105488361 B CN 105488361B CN 201510812589 A CN201510812589 A CN 201510812589A CN 105488361 B CN105488361 B CN 105488361B
- Authority
- CN
- China
- Prior art keywords
- application
- legal
- pirate
- signature
- piracy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 99
- 238000000034 method Methods 0.000 claims abstract description 50
- 238000012797 qualification Methods 0.000 claims description 13
- 238000009434 installation Methods 0.000 claims description 9
- 230000007246 mechanism Effects 0.000 claims description 3
- 230000004044 response Effects 0.000 claims description 2
- 238000004140 cleaning Methods 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 12
- 238000005516 engineering process Methods 0.000 description 4
- 238000002513 implantation Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 230000003612 virological effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/101—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
- G06F21/1014—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to tokens
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Abstract
Pirate detection method and device, system are applied the embodiment of the invention discloses a kind of, wherein method includes:Whether include the legal application message of current application by inquiring white list database, whether identification current application is legal application;One or more legal application message is stored in the white list database, every legal application message includes the packet name and signature of a legal application;If it is legal application to identify the current application not, the statistical nature based on associated application identifies whether the current application is pirate application;The associated application includes the current application and its related application;The statistical nature includes the version quantity and/or propagation quantity of the associated application.The detection to piracy application may be implemented in the embodiment of the present invention.
Description
Technical field
The present invention relates to the communication technologys, especially a kind of pirate using detection method and device, system.
Background technology
Android (Android) system has evolved into the operating system for most popularization and application on mobile terminal at present,
Meanwhile the application numbers based on android system are also very huge.Compared with other mobile terminal operating systems, Android system
More functional interfaces are provided for application developer, wherein many system bottom interfaces, improve the scalability of system, but
It also provides convenience simultaneously for malicious application.The distribution channel of Android system application is numerous, currently, being based on Android system on the market
Application to crack pirate phenomenon serious, for a cracker, he only needs simple several steps, and minute can will be a
Using being distorted and secondary packing.These pirate applications are usually quiet to appear in some non-normal electronic markets
Or channels, some even appear in the electronic market of some authoritys.Piracy application passes through embedded advertisement, interception
Payment, implantation back door etc. malicious manners, legal application software is often faced with viral implantation, advertisement replacement, channel of disbursement are distorted,
Fishing, information kidnap equivalent risk, can not only corrode the direct economy interests of legal developer, can also cause extremely to dislike to its reputation
Bad influence.
In the implementation of the present invention, inventor is recognized by industry survey report, currently, average each application has
Tens piracies, the pirate situation of game class application is even more to overflow, wherein the average pirate sample of simulation assisted class application
Number is most, and action venture, the average pirate number of signature of sport racing class application are most, and pirate situation severity is startling.So
And there presently does not exist the effective ways of the pirate application of detection.
Invention content
A technical problem to be solved of the embodiment of the present invention is:There is provided it is a kind of it is pirate using detection method and device,
System, to realize the detection to piracy application.
One side according to the ... of the embodiment of the present invention, what is provided is a kind of pirate using detection method, including:
By inquiring whether white list database includes the legal application message of current application, identify current application whether be
Legal copy application;One or more legal application message is stored in the white list database, every legal application message includes one
The packet name and signature of a legal application;
If it is legal application to identify the current application not, the statistical nature identification based on associated application is described currently to answer
With whether being pirate application;The associated application includes the current application and its related application;The statistical nature includes institute
It states the version quantity of associated application and/or propagates quantity.
In based on another of above method embodiment, the legal application message in the white list database is by certification
Mechanism and/or legal application developer provide.
In based on another of above method embodiment, further include:
Developer is authenticated by the user information stored in authentication database;
Developer by certification is legal application developer.
In based on another of above method embodiment, further include:
Identify whether the current application is pirate application by black list database;It is stored in the black list database
The packet name of pirate application there are one above pirate signature and using each pirate signature;
If it is legal application to identify the current application not, nor pirate application, execution is described to be based on associated application
Statistical nature identify the current application whether be pirate application operation.
In based on another of above method embodiment, further include:
If it is legal application to identify the current application not, nor whether pirate application, detection current application carry
There is pre-set malice feature;
If it is detected that current application carries malice feature, judgement current application be pirate application, current application signature
It signs for piracy;
The pirate signature and packet name of current application are recorded in black list database.
In based on another of above method embodiment, the statistical nature identification based on associated application is described current
Using whether being that pirate application includes:
According to pre-set statistical indicator, the statistical information of the associated application is obtained, the statistical information includes same
The statistical indicator numerical value of one application, the statistical indicator numerical value include version quantity and/or propagation quantity;
The maximum same application of decision statistic index value is legal applies;
Record is determined as the legal application message of the same application of legal application in white list database.
In based on another of above method embodiment, the statistical information further includes in the associated application using same
The different packet names of one signature;
The method further includes:
Judge whether the quantity of the different packet names in the associated application using same signature is more than 1;
If being more than 1 using the quantity of the different packet names of same signature in the associated application, judge to use the same signature
Different packet names between whether there is incidence relation;
If using incidence relation is not present between the different packet names of the same signature, judgement is answered using the different packet names
It is pirate signature with for piracy application, the same signature;
The packet name of the same signature and the different application using the same signature is recorded in black list database.
In based on another of above method embodiment, further include:
For that can not be determined as the application of legal application or pirate application in the associated application, it is sent to legal developer
Client, and respectively application is received in the associated application that legal developer's client returns as legal application or pirate application
Qualification result message;
According to qualification result message, if there is legal application in associated application, legal application is recorded by white list database
Legal application message;If there is pirate application in associated application, the pirate of pirate application is recorded by black list database and is signed
With packet name.
Other side according to the ... of the embodiment of the present invention, what is provided is a kind of pirate using detection device, including:
Recognition unit, the legal application message for whether including current application by inquiring white list database, identification
Whether current application is legal application;One or more legal application message, every legal copy are stored in the white list database
Application message includes the packet name and signature of a legal application;
First detection unit, for identifying the current application not and being legal copy in application, being based in the recognition unit
The statistical nature of associated application identifies whether the current application is pirate application;The associated application includes the current application
And its related application;The statistical nature includes the version quantity and/or propagation quantity of the associated application.
Another aspect according to the ... of the embodiment of the present invention, what is provided is a kind of pirate using detecting system, including above-mentioned implementation
The piracy of example applies detection device.
Detection method and device, system are applied based on the piracy that the above embodiment of the present invention provides, passes through white list data
Legal application message is stored in library, includes the packet name and signature of legal application.When carrying out pirate application detection, white list is first passed through
Database identifies whether current application is legal application, if it is that legal copy is answered to identify current application not by white list database
With the statistical nature of the associated application based on the application, for example, version quantity and/or propagation quantity, whether identification current application
It is applied for piracy, to realize effective detection and identification to piracy application.
Below by drawings and examples, technical scheme of the present invention will be described in further detail.
Description of the drawings
The attached drawing of a part for constitution instruction describes the embodiment of the present invention, and together with description for explaining
The principle of the present invention.
The present invention can be more clearly understood according to following detailed description with reference to attached drawing, wherein:
Fig. 1 is the pirate flow chart for applying detection method one embodiment of the present invention.
Fig. 2 is the pirate flow chart using another embodiment of detection method of the present invention.
Fig. 3 is the pirate flow chart using another embodiment of detection method of the present invention.
Fig. 4 is the pirate structural schematic diagram for applying detection device one embodiment of the present invention.
Fig. 5 is the pirate structural schematic diagram using another embodiment of detection device of the present invention.
Fig. 6 is the pirate structural schematic diagram using another embodiment of detection device of the present invention.
Fig. 7 is the pirate structural schematic diagram for applying detection device further embodiment of the present invention.
Fig. 8 is the pirate structural schematic diagram for applying detecting system one embodiment of the present invention.
Fig. 9 is the pirate structural schematic diagram using unified Application Example of detection system of the present invention.
Specific implementation mode
Carry out the various exemplary embodiments of detailed description of the present invention now with reference to attached drawing.It should be noted that:Unless in addition having
Body illustrates that the unlimited system of component and the positioned opposite of step, numerical expression and the numerical value otherwise illustrated in these embodiments is originally
The range of invention.
Simultaneously, it should be appreciated that for ease of description, the size of attached various pieces shown in the drawings is not according to reality
Proportionate relationship draw.
It is illustrative to the description only actually of at least one exemplary embodiment below, is never used as to the present invention
And its application or any restrictions that use.
Technology, method and apparatus known to person of ordinary skill in the relevant may be not discussed in detail, but suitable
In the case of, the technology, method and apparatus should be considered as part of specification.
It should be noted that:Similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined, then it need not be further discussed in subsequent attached drawing in a attached drawing.
Android software cracks that pirate phenomenon is serious on the market at present, these pirate applications are usually quiet to be appeared in
Some non-normal electronic markets or channels, some even appear in the electronic market of some authoritys.These
Pirate application intercepts payment by embedded advertisement, and the malicious manners such as implantation back door can not only corrode the direct warp of legal manufacturer
Ji interests, can also make an extremely bad impression to its reputation.Therefore, it is necessary to by effective means monitor electronic market on this answer
Service condition in pirate situation and user equipment.
Fig. 1 is the pirate flow chart for applying detection method one embodiment of the present invention.As shown in Figure 1, the robber of the embodiment
Version using detection method includes:
120, the legal application message of current application whether is included by inquiring white list database, identification current application is
It is no to be applied to be legal.
Wherein, one or more legal application message is stored in white list database, every legal application message includes one
The packet name of the program bag of a legal application and the signature used.
Packet name is the field that system is used for distinguishing different application, an a application of packet name unique mark, the packet name repeated
Can be considered as that cannot be mounted in a system simultaneously with a application.
Signature, for distinguishing different developers, one developer of a signature file unique mark, the same developer
There can be multiple signatures, but the same signature can only be used by a developer.
If being identified there is no the legal application message consistent with current application packet name and signature in white list database
Current application is not legal application, executes operation 140.
140, whether the statistical nature identification current application based on associated application is pirate application.
Wherein, associated application includes current application and its related application, and related application according to actual needs, such as can wrap
The function that includes different developers exploitation is similar, the same or similar application of Apply Names, the different editions of same developer's exploitation
Application, packet name there is certain associated application;Statistical nature includes the version quantity and/or propagation quantity of associated application,
In, it can be using installation number on the subscriber terminal to propagate quantity for example.
Detection method is applied based on the piracy that the above embodiment of the present invention provides, it is legal by being stored in white list database
Application message includes the packet name and signature of legal application.When carrying out pirate application detection, first passes through white list database identification and work as
Whether preceding application is legal application, if it is legal application to identify current application not by white list database, is based on the application
Associated application statistical nature, for example, version quantity and/or propagate quantity, identification current application whether be pirate application, from
And realize the effective detection and identification to piracy application.
In concrete application, the legal application message in white list database can be opened by certification authority and/or legal application
Originator provides, such as can derive from the packet name and signing messages of the high-risk applications such as the payment class that Ministry of Industry and Information provides, and can root
According to actual demand real-time update.
In order to ensure the legal application message in white list database is true and reliable, of the invention pirate using detection method
Another embodiment in, can be by the user information that is stored in authentication database, to providing the exploitation of legal application message
Person carries out authentication, is only just legal application developer by the developer of authentication, just allows in white list data
The packet name and signature of the application of its offer are provided in library.
In addition, in pirate another embodiment using detection method of the invention, black list database can also be passed through
Identify whether current application is pirate application, be stored in black list database therein more than one pirate signature and
Use the packet name of the pirate application of each pirate signature.By white list database and black list database, can not both determine
It is piracy in application, both from white list database and blacklist number that current application, which is legal application, can not also determine current application
The signature and packet name information of current application can not be inquired according to library, just execute operation 140.
Specifically, identify whether current application is that pirate application can simultaneously be held with operation 120 by black list database
Row, can also prior to or be later than operation 120 execute.
Fig. 2 is the pirate flow chart using another embodiment of detection method of the present invention.As shown in Fig. 2, in the present invention
The piracy for stating embodiment is compared using detection method, in the embodiment, if identify current application not and be legal application, nor
Piracy application, i.e.,:By white list database and black list database, it can not both determine that current application was legal application or nothing
Method determines that current application is that piracy operates as follows in application, executing:
220, whether detection current application carries the code characteristics such as pre-set malice feature, such as virus, wooden horse.
If it is detected that current application carries malice feature, operation 240 is executed.Otherwise it is assumed that current application can not judge
For legal copy application or pirate application, the subsequent operation of the present embodiment is not executed, can execute operation 140.
240, judgement current application is signed for the signature of pirate application, current application for piracy.
Later, operation 260 can be selectively executed, to be updated to the pirate signature in black list database, complete
It is kind.
260, the pirate signature and packet name of current application are recorded in black list database.
In the implementation of the present invention, inventor has found, in practical applications, the version covering quantity of legal copy application is wanted
It is applied more than piracy, propagation quantity will also be more than pirate application, therefore, according to piracy of the invention using detection method embodiment
One specific example and it is unrestricted, the operation 140 in above-described embodiment can specifically be realized in the following way:According to setting in advance
The statistical indicator set obtains the statistical information of associated application, and statistical information therein includes the statistical indicator numerical value of same application,
Such as may include version quantity and/or propagation quantity;The maximum same application of decision statistic index value is legal applies;Choosing
The legal application message that the same application for being determined as legal application is recorded to selecting property in white list database, with to white list number
It is updated according to the legal application message in library, is perfect.
Illustratively, above-mentioned statistical information can also include that the different packet names of same signature are used in associated application.Accordingly
Ground is based on this statistical information, it can be determined that whether is more than 1 using the quantity of the different packet names of same signature in associated application;
If in associated application using same signature different packet names quantity be more than 1, i.e., different packet names using the same label
Name then further judges to whether there is incidence relation between the different packet names using the same signature;If using the same signature
Different packet names between be not present incidence relation, that is, illustrate these application be not belonging to the same developer, then judge these uses
The application of different packet names is pirate application, above-mentioned same signature is pirate signature;Selectively recorded in black list database
The packet name of same signature and the different application using the same signature, to be carried out more to the pirate signature in black list database
Newly, perfect.
In addition, in pirate another embodiment using detection method of the present invention, in associated application, passing through above-mentioned side
Formula can not be determined as the application of legal application or pirate application, can these applications that can not be judged be sent to legal exploitation
Person's client is judged by legal developer, and receives these applications that legal developer's client returns as legal application
Or the qualification result message of pirate application;Pass through white list data if identified have legal application according to the qualification result message
The legal application message of the legal application of library record;If identified have pirate application, pirate application is recorded by black list database
Pirate signature and packet name, to timely update to information black, in white list database.
Due to that may be difficult all signatures for being collected into each developer in practical application, it is possible to which developer has changed one
New business has used a signature newly developed, but has not been supplied to white list database, therefore, through the above way
It can not be determined as legal application or piracy in application, being supplied to legal developer to sentence these applications that can not be judged
It is disconnected, improve legal, pirate judging nicety rate and realizability.
Alternatively, in the pirate further embodiment using detection method of the present invention, in associated application, passing through above-mentioned side
Formula is determined as the application of legal application or pirate application, its sample can also be stored in sample database, and pass through ash
List data library record this can not judge application application related information, such as the packet name including the application, signature, version number,
Using source, using equipment, propagate quantity, so as to be supplied in the future developer or for further count.
Fig. 3 is the pirate flow chart using another embodiment of detection method of the present invention.As shown in figure 3, the embodiment
Method may include:
320, obtain the characteristic information respectively applied in associated application respectively, such as may include the packet name of application, signature and
Version number.
For example, can specifically be acquired from application market and user terminal by the cloud killing client on user terminal
The characteristic information respectively applied in associated application.
340, respectively using an application in associated application as current application, by inquiring black, white list database, know
Whether other current application is legal or pirate application.
If by white list database and black list database, it can not both determine that current application was legal application or can not
Determine that current application is that piracy operates 360 in application, executing.
360, the characteristic information of associated application is counted, the statistical information of associated application is obtained.
380, whether the statistical nature identification current application based on associated application is pirate application.
It should be noted that embodiment illustrated in fig. 3 can be in conjunction with any other one or more in addition to embodiment illustrated in fig. 1
A embodiment forms new embodiment, unless specially illustrating in the embodiment of the present invention, the operation of the various embodiments described above of the present invention is not
It is limited in the presence of sequencing is executed.
Further, the characteristic information of the application obtained by operation 320 can also include using source or using equipment,
Wherein, using source i.e. this apply and occurred in which application market, using equipment i.e. this apply on which user terminal
It installed and used.
Based on the present invention it is above-mentioned it is each it is pirate apply detection method embodiment, determine an application be it is pirate in application,
What can be applied according to the piracy uses facility information, and it is clear to notify that the use equipment that the piracy is applied carries out piracy application
Reason.
Specifically, being cleared up piracy application using the cloud killing client in equipment for pirate application can be notified,
And to the cloud killing client push piracy using corresponding legal application message;Piracy application uses the cloud killing in equipment
Client can clear up piracy application according to notice, and legal application message is shown on using equipment, so as to user
Give the download installation that the legal copy application message carries out legal application.
One of ordinary skill in the art will appreciate that:Realize that all or part of step of above method embodiment can pass through
The relevant hardware of program instruction is completed, and program above-mentioned can be stored in a computer read/write memory medium, the program
When being executed, step including the steps of the foregoing method embodiments is executed;And storage medium above-mentioned includes:ROM, RAM, magnetic disc or light
The various media that can store program code such as disk.
Fig. 4 is the pirate structural schematic diagram for applying detection device one embodiment of the present invention.The pirate application of the embodiment
Detection device can be used for realizing that the present invention is above-mentioned each pirate using detection method embodiment.As shown in figure 4, the piracy of the embodiment
Include recognition unit and first detection unit using detection device.Wherein:
Recognition unit, the legal application message for whether including current application by inquiring white list database, identification
Whether current application is legal application.One or more legal application message is stored in white list database therein, by certification
Mechanism and/or legal application developer provide, and every legal application message includes the packet name and signature of a legal application.
First detection unit, for identifying current application not and being legal in recognition unit in application, being based on associated application
Statistical nature identification current application whether be pirate application.Associated application therein includes current application and its related application;
Statistical nature includes the version quantity and/or propagation quantity of associated application.
Detection device is applied based on the piracy that the above embodiment of the present invention provides, it is legal by being stored in white list database
Application message includes the packet name and signature of legal application.When carrying out pirate application detection, first passes through white list database identification and work as
Whether preceding application is legal application, if it is legal application to identify current application not by white list database, is based on the application
Associated application statistical nature, for example, version quantity and/or propagate quantity, identification current application whether be pirate application, from
And realize the effective detection and identification to piracy application.
Fig. 5 is the pirate structural schematic diagram using another embodiment of detection device of the present invention.As shown in figure 5, with Fig. 4 institutes
The embodiment shown is compared, and the piracy of the embodiment further includes authentication database and authentication unit using detection device.Wherein:
Authentication database, for storing the user information for being authenticated to be legal application developer.
Authentication unit is authenticated developer for the user information by being stored in authentication database;And confirm
Developer by certification is legal application developer, and legal application message could be provided to white list database.
In pirate another embodiment using detection device of the invention, recognition unit can be also used for through blacklist number
Whether be pirate application according to library identification current application, be stored in black list database therein more than one pirate signature,
And the packet name of the pirate application using each pirate signature.Correspondingly, first detection unit is specifically identified in recognition unit
Current application is not legal application, nor pirate in application, executing the statistical nature identification current application based on associated application
Whether it is the pirate operation applied.
Fig. 6 is the pirate structural schematic diagram using another embodiment of detection device of the present invention.As shown in fig. 6, with Fig. 4 or
Embodiment shown in fig. 5 is compared, and the piracy of the embodiment further includes that fisrt feature information bank, the second detection are single using detection device
Member and the first updating unit.Wherein:
Fisrt feature information bank, for storing pre-set malice feature.
Second detection unit is legal application, nor pirate application for identifying current application not in recognition unit
When, whether detection current application carries pre-set malice feature;And detecting that it is special that current application carries malice
When sign, judgement current application is signed for the signature of pirate application, current application for piracy.
First updating unit is used for the judgement according to second detection unit as a result, being recorded in black list database current
The pirate signature and packet name of application.
Can also include second feature in the pirate further embodiment using detection device of the invention referring back to Fig. 6
Information bank and the second updating unit.Wherein:
Second feature information bank, for storing pre-set statistical indicator, statistical indicator numerical value include version number and/or
Propagate number.
First detection unit is specifically used for, according to pre-set statistical indicator, obtaining the statistical information of associated application, wraps
Include the statistical indicator numerical value of same application, including version quantity and/or propagation quantity;And decision statistic index value is maximum
Same application is legal applies.
Second updating unit, for being judged as a result, being recorded in white list database according to the judgement of first detection unit
For the legal application message of the same application of legal copy application.
Further, statistical information can also include that the different packet names of same signature are used in associated application.Referring back to figure
6, can also include judging unit, for judging that association is answered in pirate another embodiment using detection device of the invention
Whether it is more than 1 with the quantity of the middle different packet names using same signature;And if using the difference of same signature in associated application
The quantity of packet name is more than 1, judges to whether there is incidence relation between the different packet names using the same signature;If same using this
Incidence relation is not present between the different packet names of signature, judgement is that piracy is applied, same signature is using the application of different packet names
Piracy signature.Correspondingly, in the embodiment, the second updating unit can be additionally used in the judgement according to judging unit as a result, in black name
The packet name of same signature and the different application using the same signature is recorded in single database.
Referring back to Fig. 6, compared with the various embodiments described above of the present invention, in pirate another reality for applying detection device of the invention
It applies in example, can also include Transmit-Receive Unit and third updating unit.Wherein:
Transmit-Receive Unit is sent to just for that will can not be determined as the application of legal application or pirate application in associated application
Version developer's client, and receive in the associated application that legal developer's client returns and respectively answered using for legal application or piracy
Qualification result message.
Third updating unit, for according to qualification result message, if there is legal application in associated application, passing through white list number
The legal application message of legal application is recorded according to library;If there is pirate application in associated application, is recorded and stolen by black list database
The pirate signature and packet name of version application.
Fig. 7 is the pirate structural schematic diagram for applying detection device further embodiment of the present invention.As shown in fig. 7, the implementation
The piracy of example using in detection device, can also including storage unit, for can not be determined as in associated application legal application or
The application of piracy application, this is stored in sample database can not judge to apply, and this can not by gray list data-base recording
Judge application application related information, such as may include packet name, signature, version number, using source, using equipment, propagate number
Amount.
Can also include acquiring unit, for distinguishing in addition, in the above-mentioned piracy of the present invention is using detection device embodiment
The characteristic information respectively applied in associated application is obtained, includes packet name, signature and the version number of application, in addition it can selectively
Including application source or use equipment.Correspondingly, first detection unit is specifically used for counting characteristic information, is associated with
The statistical information of application.
In practical application, acquiring unit can specifically be adopted by cloud killing client from application market and user terminal
The characteristic information respectively applied in collection associated application.
Detection device embodiment, Transmit-Receive Unit is applied to can also be used to answer for piracy in one application of judgement based on above-mentioned piracy
Used time uses facility information according to piracy application, and it is clear to notify that the use equipment that the piracy is applied carries out piracy application
Reason, and can be selectively to the cloud killing client push piracy using corresponding legal application message.
Fig. 8 is the pirate structural schematic diagram for applying detecting system one embodiment of the present invention.The pirate application of the embodiment
Detecting system may include that the piracy of any of the above-described embodiment applies detection device, for realizing the above-mentioned each pirate application inspection of the present invention
Survey embodiment of the method.
Detecting system is applied based on the piracy that the above embodiment of the present invention provides, it can be by being stored in white list database
Legal application message includes the packet name and signature of legal application.When carrying out pirate application detection, white list database knowledge is first passed through
Whether other current application is legal application, if it is legal application to identify current application not by white list database, being based on should
The statistical nature of the associated application of application, for example, version quantity and/or propagation quantity, whether identification current application is that piracy is answered
With to realize effective detection and identification to piracy application.
As shown in figure 8, the piracy of the embodiment using being also an option that property of detecting system include white list database and/
Or black list database.Wherein:
White list database is stored with one or more legal application message, and every legal application message includes a legal copy
The packet name and signature of application;
Black list database is stored with more than one pirate signature and the pirate application using each pirate signature
Packet name.
Further include being located at user terminal in piracy of the invention applies another embodiment of detecting system referring back to Fig. 8
On cloud killing client, the cloud killing client such as can be mobile phone bodyguard, antivirus software, can from application market and
The characteristic information respectively applied in associated application is acquired on user terminal.In the embodiment:
Piracy is using the Transmit-Receive Unit in detection device, the cloud killing on user terminal for notifying the pirate application of installation
Client clears up piracy application, and to the cloud killing client push piracy using corresponding legal application message;
Cloud killing client for clearing up piracy application, and shows legal application message on using equipment, with
Just user gives the download installation that the legal copy application message carries out legal application.
As shown in figure 9, for the pirate structural schematic diagram using unified Application Example of detection system of the present invention.Specifically answering
In, piracy can specifically pass through a cloud killing engine implementation using detection device.
After legal developer provides its whole legal application and its signature, it is based on the embodiment of the present invention, can be helped open
Originator find its using itself in the pirate situation occurred on the market, that is, help developer find with it application signature it is different
Signature be all distributed in which place or which machine on occurred, its propagation quantity how many, we can also be sample
Originally it is supplied to developer.
An embodiment of the present invention provides following technical schemes:
1, a kind of pirate using detection method, including:
By inquiring whether white list database includes the legal application message of current application, identify current application whether be
Legal copy application;One or more legal application message is stored in the white list database, every legal application message includes one
The packet name and signature of a legal application;
If it is legal application to identify the current application not, the statistical nature identification based on associated application is described currently to answer
With whether being pirate application;The associated application includes the current application and its related application;The statistical nature includes institute
It states the version quantity of associated application and/or propagates quantity.
2, the method according to 1, the legal application message in the white list database is by certification authority and/or legal copy
Application developer provides.
3, the method according to 2 further includes:
Developer is authenticated by the user information stored in authentication database;
Developer by certification is legal application developer.
4, the method according to 1 further includes:
Identify whether the current application is pirate application by black list database;It is stored in the black list database
The packet name of pirate application there are one above pirate signature and using each pirate signature;
If it is legal application to identify the current application not, nor pirate application, execution is described to be based on associated application
Statistical nature identify the current application whether be pirate application operation.
5, the method according to 4 further includes:
If it is legal application to identify the current application not, nor whether pirate application, detection current application carry
There is pre-set malice feature;
If it is detected that current application carries malice feature, judgement current application be pirate application, current application signature
It signs for piracy;
The pirate signature and packet name of current application are recorded in black list database.
6, the method according to 1 to 5 any one, the statistical nature identification based on associated application is described currently to answer
With whether being that pirate application includes:
According to pre-set statistical indicator, the statistical information of the associated application is obtained, the statistical information includes same
The statistical indicator numerical value of one application, the statistical indicator numerical value include version quantity and/or propagation quantity;
The maximum same application of decision statistic index value is legal applies;
Record is determined as the legal application message of the same application of legal application in white list database.
7, the method according to 6, the statistical information further include that the difference of same signature is used in the associated application
Packet name;
The method further includes:
Judge whether the quantity of the different packet names in the associated application using same signature is more than 1;
If being more than 1 using the quantity of the different packet names of same signature in the associated application, judge to use the same signature
Different packet names between whether there is incidence relation;
If using incidence relation is not present between the different packet names of the same signature, judgement is answered using the different packet names
It is pirate signature with for piracy application, the same signature;
The packet name of the same signature and the different application using the same signature is recorded in black list database.
8, the method according to 4 to 7 any one further includes:
For that can not be determined as the application of legal application or pirate application in the associated application, it is sent to legal developer
Client, and respectively application is received in the associated application that legal developer's client returns as legal application or pirate application
Qualification result message;
According to qualification result message, if there is legal application in associated application, legal application is recorded by white list database
Legal application message;If there is pirate application in associated application, the pirate of pirate application is recorded by black list database and is signed
With packet name.
9, the method according to 4 to 7 any one further includes:
For that can not be determined as the application of legal application or pirate application in the associated application, deposited in sample database
Storing up this can not judge to apply, and this can not judge the application related information of application, the application by gray list data-base recording
Relevant information include packet name, signature, version number, using source, using equipment, propagate quantity.
10, the method according to 6 to 9 any one further includes:
The characteristic information respectively applied in the associated application is obtained respectively, and the characteristic information includes the packet name of application, label
Name and version number;
The statistical information for obtaining the associated application includes:The characteristic information is counted, the association is obtained and answers
Statistical information.
11, the method according to 10, the characteristic information further include using source or using equipment.
12, the method according to 10 or 11, the characteristic information for obtaining application include:By cloud killing client,
From acquiring the characteristic information respectively applied in the associated application in application market and user terminal.
13, the method according to 11 or 12 further includes:
It is applied for piracy in response to one application of judgement, facility information is used according to piracy application, notifies the piracy
The use equipment of application clears up piracy application.
14, the method according to 13, the use equipment for notifying the piracy to apply clear up piracy application
Including:
Notify being cleared up piracy application using the cloud killing client in equipment for the pirate application, and to the cloud
It is pirate using corresponding legal application message described in killing client push;
The pirate application clears up the pirate application using the cloud killing client in equipment, and described
Using the legal application message is shown in equipment, so that user gives the download peace that the legal copy application message carries out legal application
Dress.
15, a kind of pirate using detection device, including:
Recognition unit, the legal application message for whether including current application by inquiring white list database, identification
Whether current application is legal application;One or more legal application message, every legal copy are stored in the white list database
Application message includes the packet name and signature of a legal application;
First detection unit, for identifying the current application not and being legal copy in application, being based in the recognition unit
The statistical nature of associated application identifies whether the current application is pirate application;The associated application includes the current application
And its related application;The statistical nature includes the version quantity and/or propagation quantity of the associated application.
16, the device according to 15, legal application message in the white list database is by certification authority and/or just
Version application developer provides.
17, the device according to 2 further includes:
Authentication database, for the user information that authentication storage is legal application developer;
Authentication unit is authenticated developer for the user information by being stored in authentication database;And confirm
Developer by certification is legal application developer.
18, the device according to 15, the recognition unit are additionally operable to identify by black list database and described currently answer
With whether being pirate application;More than one pirate signature is stored in the black list database and using each pirate
The packet name of the pirate application of signature;
The first detection unit, specifically the recognition unit identify the current application not and be legal application,
It is not pirate in application, executing the statistical nature based on associated application identifies whether the current application is pirate application
Operation.
19, the device according to 18 further includes:
Fisrt feature information bank, for storing pre-set malice feature;
Second detection unit is legal application, nor piracy for identifying the current application not in recognition unit
In application, whether detection current application carries pre-set malice feature;And detecting that current application carries evil
When feature of anticipating, judgement current application is signed for the signature of pirate application, current application for piracy;
First updating unit is used for the judgement according to second detection unit as a result, being recorded in black list database current
The pirate signature and packet name of application.
20, the device according to 15 to 19 any one further includes:
Second feature information bank, for storing pre-set statistical indicator, the statistical indicator numerical value includes version number
And/or propagate number;
The first detection unit is specifically used for, according to pre-set statistical indicator, obtaining the system of the associated application
Count information, the statistical information includes the statistical indicator numerical value of same application, the statistical indicator numerical value include version quantity and/
Or propagate quantity;And the maximum same application of decision statistic index value is legal applies;
Second updating unit, for being judged as a result, being recorded in white list database according to the judgement of first detection unit
For the legal application message of the same application of legal copy application.
21, the device according to 20, the statistical information further include using same signature not in the associated application
With packet name;
Described device further includes:
Judging unit, for judging whether the quantity of the different packet names in the associated application using same signature is more than 1;
And if in the associated application using same signature different packet names quantity be more than 1, judge using the same signature not
With between packet name whether there is incidence relation;If using incidence relation, judgement are not present between the different packet names of the same signature
Application using the different packet names is pirate application, the same signature is pirate signature;
Second updating unit is additionally operable to the judgement according to judging unit as a result, recording institute in black list database
State the packet name of same signature and the different application using the same signature.
22, the device according to 18 to 21 any one further includes:
Transmit-Receive Unit is sent for that will can not be determined as the application of legal application or pirate application in the associated application
To legal developer's client, and receives in the associated application that legal developer's client returns and respectively applied using to be legal
Or the qualification result message of pirate application;
Third updating unit, for according to the qualification result message, if there is legal application in associated application, passing through white name
The legal application message of the legal application of single database record;If there is pirate application in associated application, remembered by black list database
The pirate signature and packet name of the pirate application of record.
23, the device according to 18 to 21 any one further includes:
Storage unit, for that can not be determined as the application of legal application or pirate application in the associated application, in sample
This is stored in database can not judge to apply, and this can not judge the related letter of the application of application by gray list data-base recording
Breath, the application related information include packet name, signature, version number, using source, using equipment, propagate quantity.
24, the device according to 20 to 23 any one further includes:
Acquiring unit, for obtaining the characteristic information respectively applied in the associated application respectively, the characteristic information includes
Packet name, signature and the version number of application;
The first detection unit obtains the system of the associated application specifically for being counted to the characteristic information
Count information.
25, the device according to 24, the characteristic information further include using source or using equipment.
26, the device according to 24 or 25, the acquiring unit, especially by cloud killing client, from application market
With the characteristic information respectively applied in the associated application is acquired on user terminal.
27, the device according to 25 or 26, the Transmit-Receive Unit are additionally operable to judging an application for piracy application
When, facility information is used according to piracy application, the use equipment that the piracy is applied is notified to clear up piracy application.
28, the device according to 27, the Transmit-Receive Unit are additionally operable to pirate application described in the cloud killing client push
Corresponding legal copy application message.
29, it is a kind of it is pirate apply detecting system, including the piracy described in 15 to 28 any one applies detection device.
30, the system according to 29 further includes:
White list database is stored with one or more legal application message, and every legal application message includes a legal copy
The packet name and signature of application;And/or
Black list database is stored with more than one pirate signature and the pirate application using each pirate signature
Packet name.
31, the system according to 29 or 30 further includes the cloud killing client being located on user terminal;
The piracy applies the Transmit-Receive Unit in detection device, on the user terminal for notifying the pirate application of installation
Cloud killing client clears up piracy application, and is answered to pirate described in the cloud killing client push using corresponding legal copy
Use information;
The cloud killing client for clearing up the pirate application, and shows institute on the user terminal
Legal application message is stated, so that user gives the download installation that the legal copy application message carries out legal application.
Each embodiment is described in a progressive manner in this specification, the highlights of each of the examples are with its
The difference of its embodiment, same or analogous part cross-reference between each embodiment.For system embodiment
For, since it is substantially corresponding with embodiment of the method, so description is fairly simple, referring to the portion of embodiment of the method in place of correlation
It defends oneself bright.
The methods, devices and systems of the present invention may be achieved in many ways.For example, software, hardware, firmware can be passed through
Or any combinations of software, hardware, firmware come realize the present invention methods, devices and systems.The step of for the method
Said sequence merely to illustrate, the step of method of the invention, is not limited to sequence described in detail above, unless with
Other manner illustrates.In addition, in some embodiments, also the present invention can be embodied as to record journey in the recording medium
Sequence, these programs include for realizing machine readable instructions according to the method for the present invention.Thus, the present invention also covers storage and uses
In the recording medium for executing program according to the method for the present invention.
Description of the invention provides for the sake of example and description, and is not exhaustively or will be of the invention
It is limited to disclosed form.Many modifications and variations are obvious for the ordinary skill in the art.It selects and retouches
It states embodiment and is to more preferably illustrate the principle of the present invention and practical application, and those skilled in the art is enable to manage
Various embodiments with various modifications of the solution present invention to design suitable for special-purpose.
Claims (27)
1. a kind of pirate using detection method, which is characterized in that including:
Whether include the legal application message of current application by inquiring white list database, whether identification current application is legal
Using;Be stored with one or more legal application message in the white list database, every legal application message include one just
The packet name and signature of version application;
If it is that legal application obtains the system of associated application according to pre-set statistical indicator to identify the current application not
Count information, the statistical information includes the statistical indicator numerical value of same application, the statistical indicator numerical value include version quantity and/
Or propagate quantity;The associated application includes the current application and its related application, and the related application includes at least difference
Developer's exploitation function is similar, the same or similar application of Apply Names;
The maximum same application of decision statistic index value is legal applies;
Record is determined as the legal application message of the same application of legal application in white list database;
Identify whether the current application is pirate application by black list database;It is stored with one in the black list database
A above pirate signature and the packet name of the pirate application using each pirate signature;
If it is legal application to identify the current application not, nor pirate application, it is special to execute the statistics based on associated application
Sign identifies whether the current application is the pirate operation applied, and the statistical nature includes at least the version quantity of associated application
And/or propagate quantity.
2. according to the method described in claim 1, it is characterized in that, the legal application message in the white list database is by recognizing
It demonstrate,proves mechanism and/or legal application developer provides.
3. according to the method described in claim 2, it is characterized in that, further including:
Developer is authenticated by the user information stored in authentication database;
Developer by certification is legal application developer.
4. according to the method described in claim 1, it is characterized in that, further including:
If it is legal application to identify the current application not, nor pirate application, it is pre- whether detection current application carries
The malice feature being first arranged;
If it is detected that current application carries malice feature, judgement current application is robber for the signature of pirate application, current application
Version signature;
The pirate signature and packet name of current application are recorded in black list database.
5. according to the method described in claim 1, it is characterized in that, the statistical information further includes being used in the associated application
The different packet names of same signature;
The method further includes:
Judge whether the quantity of the different packet names in the associated application using same signature is more than 1;
If being more than 1 using the quantity of the different packet names of same signature in the associated application, judge using the same signature not
With between packet name whether there is incidence relation;
If using incidence relation is not present between the different packet names of the same signature, judgement is using the application of the different packet names
Piracy application, the same signature are pirate signature;
The packet name of the same signature and the different application using the same signature is recorded in black list database.
6. according to the method described in claim 4 to 5 any one, which is characterized in that further include:
For that can not be determined as the application of legal application or pirate application in the associated application, it is sent to legal developer client
It holds, and receives in the associated application of legal developer's client return respectively using the identification applied for legal copy or piracy is applied
Results messages;
According to qualification result message, if there is legal application in associated application, legal application is being recorded just by white list database
Version application message;If there is pirate application in associated application, the pirate signature and packet of pirate application are recorded by black list database
Name.
7. according to the method described in claim 4 to 5 any one, which is characterized in that further include:
For that can not be determined as the application of legal application or pirate application in the associated application, storage should in sample database
It can not judge to apply, and this can not judge that the application related information of application, the application are related by gray list data-base recording
Information include packet name, signature, version number, using source, using equipment, propagate quantity.
8. according to the method described in claim 6, it is characterized in that, further including:
Obtain the characteristic information respectively applied in the associated application respectively, the characteristic information include the packet name of application, signature and
Version number;
The statistical information for obtaining the associated application includes:The characteristic information is counted, the associated application is obtained
Statistical information.
9. according to the method described in claim 8, it is characterized in that, the characteristic information further includes being set using source or use
It is standby.
10. method according to claim 8 or claim 9, which is characterized in that it is described obtain application characteristic information include:Pass through
Cloud killing client, from acquiring the characteristic information respectively applied in the associated application in application market and user terminal.
11. according to the method described in claim 10, it is characterized in that, further including:
It is applied for piracy in response to one application of judgement, facility information is used according to piracy application, the piracy is notified to apply
Use equipment to the piracy application clear up.
12. according to the method for claim 11, which is characterized in that the use equipment for notifying the piracy to apply is to the robber
Version application carries out cleaning:
Notify being cleared up piracy application using the cloud killing client in equipment for the pirate application, and to the cloud killing
It is pirate using corresponding legal application message described in client push;
The pirate application clears up the pirate application using the cloud killing client in equipment, and in the use
The legal application message is shown in equipment, so that user gives the download installation that the legal copy application message carries out legal application.
13. a kind of pirate using detection device, which is characterized in that including:
Recognition unit, the legal application message for whether including current application by inquiring white list database, identification are current
Using whether being legal application;One or more legal application message, every legal application are stored in the white list database
Information includes the packet name and signature of a legal application;
Second feature information bank, for storing pre-set statistical indicator;
First detection unit, for identifying the current application not and being legal copy in application, according to advance in the recognition unit
The statistical indicator of setting obtains the statistical information of associated application, and the statistical information includes the statistical indicator numerical value of same application,
The statistical indicator numerical value includes version number and/or propagation number;And the maximum same application of decision statistic index value is just
Version application;The associated application includes the current application and its related application, and the related application includes at least different exploitations
Person's exploitation function is similar, the same or similar application of Apply Names, the application of the different editions of same developer's exploitation, packet name
With certain associated application;
Second updating unit, for being determined as just as a result, being recorded in white list database according to the judgement of first detection unit
The legal application message of the same application of version application;
The recognition unit is additionally operable to identify whether the current application is pirate application by black list database;It is described black
The packet name of more than one pirate signature and the pirate application using each pirate signature is stored in list data library;
The first detection unit, specifically the recognition unit identify the current application not and be legal application, nor
Piracy identifies whether the current application is the pirate operation applied, institute in application, executing the statistical nature based on associated application
Statistical nature is stated including at least the version quantity of associated application and/or propagates quantity.
14. device according to claim 13, which is characterized in that legal application message in the white list database by
Certification authority and/or legal application developer provide.
15. device according to claim 14, which is characterized in that further include:
Authentication database, for the user information that authentication storage is legal application developer;
Authentication unit is authenticated developer for the user information by being stored in authentication database;And it is identified through
The developer of certification is legal application developer.
16. device according to claim 13, which is characterized in that further include:
Fisrt feature information bank, for storing pre-set malice feature;
Second detection unit is legal application, nor pirate application for identifying the current application not in recognition unit
When, whether detection current application carries pre-set malice feature;And detecting that it is special that current application carries malice
When sign, judgement current application is signed for the signature of pirate application, current application for piracy;
First updating unit, for according to the judgement of second detection unit as a result, recording current application in black list database
Pirate signature and packet name.
17. device according to claim 13, which is characterized in that the statistical information further includes making in the associated application
With the different packet names of same signature;
Described device further includes:
Judging unit, for judging whether the quantity of the different packet names in the associated application using same signature is more than 1;And
If being more than 1 using the quantity of the different packet names of same signature in the associated application, the different packets using the same signature are judged
It whether there is incidence relation between name;If using incidence relation is not present between the different packet names of the same signature, judgement uses
The application of the difference packet name is pirate application, the same signature is pirate signature;
Second updating unit is additionally operable to the judgement according to judging unit as a result, being recorded in black list database described same
The packet name of one signature and the different application using the same signature.
18. according to the device described in claim 16 to 17 any one, which is characterized in that further include:
Transmit-Receive Unit is sent to just for that will can not be determined as the application of legal application or pirate application in the associated application
Version developer's client, and receive in the associated application that legal developer's client returns respectively application as legal application or steal
The qualification result message of version application;
Third updating unit, for according to the qualification result message, if there is legal application in associated application, passing through white list number
The legal application message of legal application is recorded according to library;If there is pirate application in associated application, is recorded and stolen by black list database
The pirate signature and packet name of version application.
19. according to the device described in claim 16 to 17 any one, which is characterized in that further include:
Storage unit, for that can not be determined as the application of legal application or pirate application in the associated application, in sample data
This is stored in library can not judge to apply, and this can not judge the application related information of application, institute by gray list data-base recording
State application related information include packet name, signature, version number, using source, using equipment, propagate quantity.
20. device according to claim 18, which is characterized in that further include:
Acquiring unit, for obtaining the characteristic information respectively applied in the associated application respectively, the characteristic information includes application
Packet name, signature and version number;
The first detection unit obtains the statistics letter of the associated application specifically for being counted to the characteristic information
Breath.
21. device according to claim 20, which is characterized in that the characteristic information further includes being set using source or use
It is standby.
22. the device according to claim 20 or 21, which is characterized in that the acquiring unit, especially by cloud killing visitor
Family end, from acquiring the characteristic information respectively applied in the associated application in application market and user terminal.
23. device according to claim 22, which is characterized in that the Transmit-Receive Unit is additionally operable in one application of judgement
For piracy in application, using facility information according to piracy application, the use equipment that the piracy is applied is notified to answer the piracy
With being cleared up.
24. device according to claim 23, which is characterized in that the Transmit-Receive Unit is additionally operable to the cloud killing client
Push the corresponding legal application message of the pirate application.
25. a kind of pirate using detecting system, which is characterized in that answered including the piracy described in claim 13 to 24 any one
Use detection device.
26. system according to claim 25, which is characterized in that further include:
White list database, is stored with one or more legal application message, and every legal application message includes a legal application
Packet name and signature;And/or
Black list database is stored with more than one pirate signature and the packet of the pirate application using each pirate signature
Name.
27. the system according to claim 25 or 26, which is characterized in that further include the cloud killing visitor being located on user terminal
Family end;
The piracy applies the Transmit-Receive Unit in detection device, and the cloud on user terminal for notifying the pirate application of installation is looked into
It kills client to clear up piracy application, and to piracy described in the cloud killing client push using corresponding legal application letter
Breath;
The cloud killing client, for clearing up the pirate application, and show on the user terminal it is described just
Version application message, so that user gives the download installation that the legal copy application message carries out legal application.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510812589.XA CN105488361B (en) | 2015-11-20 | 2015-11-20 | Piracy applies detection method and device, system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510812589.XA CN105488361B (en) | 2015-11-20 | 2015-11-20 | Piracy applies detection method and device, system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105488361A CN105488361A (en) | 2016-04-13 |
| CN105488361B true CN105488361B (en) | 2018-09-25 |
Family
ID=55675336
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510812589.XA Expired - Fee Related CN105488361B (en) | 2015-11-20 | 2015-11-20 | Piracy applies detection method and device, system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105488361B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107563195A (en) * | 2016-07-01 | 2018-01-09 | 中国电信股份有限公司 | Reduce the method and apparatus that APP beats again bag identifying system rate of false alarm |
| CN107220527A (en) * | 2017-04-18 | 2017-09-29 | 努比亚技术有限公司 | One kind application discriminating method and application management equipment |
| CN108234729B (en) * | 2017-12-25 | 2020-10-02 | 深圳回收宝科技有限公司 | Method for adjusting verification model, verification method, server and storage medium |
| CN108416192A (en) * | 2018-03-01 | 2018-08-17 | 中国工商银行股份有限公司 | A kind of device and method of detection personation enterprise application |
| CN110287087B (en) * | 2018-03-19 | 2023-06-13 | 百度在线网络技术(北京)有限公司 | Method and device for detecting application |
| CN110688626A (en) * | 2018-07-04 | 2020-01-14 | 中国移动通信集团有限公司 | Pirate application detection method and device, electronic equipment and storage medium |
| CN109684788A (en) * | 2018-12-29 | 2019-04-26 | 上海上讯信息技术股份有限公司 | A kind of mobile application channel monitoring system and method Internet-based |
| CN110058871A (en) * | 2019-04-23 | 2019-07-26 | 湖南快乐阳光互动娱乐传媒有限公司 | Method and system for detecting illegal decompilation of program and updating formal version |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102985928A (en) * | 2010-07-13 | 2013-03-20 | F-赛酷公司 | Identifying polymorphic malware |
| CN103441848A (en) * | 2013-08-16 | 2013-12-11 | 广东欧珀移动通信有限公司 | Application authentication method and system of mobile terminal |
| CN104133832A (en) * | 2014-05-15 | 2014-11-05 | 腾讯科技(深圳)有限公司 | Pirate application identification method and device |
| CN104657634A (en) * | 2015-02-28 | 2015-05-27 | 百度在线网络技术(北京)有限公司 | Method and device for identifying pirate application |
| CN104951675A (en) * | 2014-03-31 | 2015-09-30 | 北京金山网络科技有限公司 | Pirate application recognition method and system |
-
2015
- 2015-11-20 CN CN201510812589.XA patent/CN105488361B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102985928A (en) * | 2010-07-13 | 2013-03-20 | F-赛酷公司 | Identifying polymorphic malware |
| CN103441848A (en) * | 2013-08-16 | 2013-12-11 | 广东欧珀移动通信有限公司 | Application authentication method and system of mobile terminal |
| CN104951675A (en) * | 2014-03-31 | 2015-09-30 | 北京金山网络科技有限公司 | Pirate application recognition method and system |
| CN104133832A (en) * | 2014-05-15 | 2014-11-05 | 腾讯科技(深圳)有限公司 | Pirate application identification method and device |
| CN104657634A (en) * | 2015-02-28 | 2015-05-27 | 百度在线网络技术(北京)有限公司 | Method and device for identifying pirate application |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105488361A (en) | 2016-04-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105488361B (en) | Piracy applies detection method and device, system | |
| Arp et al. | Dos and don'ts of machine learning in computer security | |
| Kharraz et al. | Surveylance: Automatically detecting online survey scams | |
| US10009358B1 (en) | Graph based framework for detecting malicious or compromised accounts | |
| CN109241711B (en) | User behavior identification method and device based on prediction model | |
| Ceccato et al. | A family of experiments to assess the effectiveness and efficiency of source code obfuscation techniques | |
| CN105426706B (en) | Piracy applies detection method and device, system | |
| US8826427B2 (en) | Detecting surreptitious spyware | |
| CN110324311A (en) | Method, apparatus, computer equipment and the storage medium of Hole Detection | |
| Zhao et al. | Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services. | |
| Cho et al. | An empirical study of click fraud in mobile advertising networks | |
| Moore et al. | Economics and internet security: a survey of recent analytical, empirical, and behavioral research | |
| CN107766728A (en) | Mobile application security managing device, method and mobile operation safety protection system | |
| CN107181745A (en) | Malicious messages recognition methods, device, equipment and computer-readable storage medium | |
| US11424993B1 (en) | Artificial intelligence system for network traffic flow based detection of service usage policy violations | |
| CN106372524A (en) | Personally identifiable information (PII) disclosure detection | |
| CN109639646A (en) | Internet of Things safety detection method and system based on block chain | |
| Cho et al. | Combating online fraud attacks in mobile-based advertising | |
| CN109635523A (en) | Application program detection method, device and computer readable storage medium | |
| Hu et al. | Membership inference via backdooring | |
| CN109214177A (en) | A kind of anti-fake system of internet finance | |
| CN107483386A (en) | Analyze the method and device of network data | |
| CN105760761A (en) | Software behavior analyzing method and device | |
| Manzuik et al. | Network security assessment: from vulnerability to patch | |
| KR101854981B1 (en) | Method for generating data set for cyber warface exercise and technology verification and apparatus thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220725 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20180925 |