CN105871657A - System and method for network data monitoring based on Android platform - Google Patents
System and method for network data monitoring based on Android platform
- Publication number
- CN105871657A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Abstract
The invention provides a system and method for network data monitoring based on the Android platform, and belongs to the field of mobile security on the Android platform. The system comprises an application package parsing module, a network data traffic acquisition and filtering module, and a key data discovery and judgment module. The application package parsing module provides the basis on which the network data traffic acquisition module decides which packets to acquire. The network data traffic acquisition and filtering module obtains system ROOT permission and, at the data communication network layer, acquires the network packets of the specified object passed in by the application package parsing module, handing the results to the key data discovery and judgment module. The key data discovery and judgment module analyzes, judges and extracts the key data in the network packets using a predefined judgment policy library, and forms the final result.
Description
Technical field
The present invention relates to the field of mobile security on the Android platform, and in particular to a network data monitoring system and method based on the Android platform.
Background
With the growing popularity of mobile devices and the rapid growth of mobile applications, the security of mobile application software is drawing attention from more and more users. The app review process for listing in Android markets is simple, so some applications that collect users' private data are mixed into the application markets, posing a security threat to users' privacy and property. There is currently no automated network data monitoring system or method for the Android platform on the market; existing network data monitoring and analysis is essentially manual, which has a very high labor cost and cannot meet the security needs of mobile application software.
Summary of the invention
The object of the present invention is to provide a network data monitoring system and method based on the Android platform, thereby solving the foregoing problems in the prior art.
To achieve this object, the technical solution adopted by the present invention is as follows:
A network data detection system based on the Android platform, comprising: a mobile application package permission analysis module, an application package installation and startup information analysis module, and an application monitoring analysis module.
The mobile application package permission analysis module disassembles the application package and uses AndroidManifest.xml to determine the system permissions the application package will hold after installation.
The application package installation and startup information analysis module, after the application package is installed and started, analyzes the pid, uid and port information occupied by the application and the IP address of the device on which the application is installed.
The application monitoring analysis module analyzes the IP address and the port information to detect whether, after the application package is installed and started, the user's personal information is uploaded to a remote server, leaking user information; to detect whether the uploaded information exceeds the permissions granted by the user; and to detect whether the application contains a privilege escalation function.
Preferably, the personal information includes: SMS messages, MMS messages, video and audio.
A network data monitoring system based on the Android platform comprises: an application package parsing module, a network data traffic acquisition and filtering module, and a key data discovery and judgment module.
The application package parsing module provides the basis on which the network data traffic acquisition module decides which packets to acquire.
The network data traffic acquisition and filtering module obtains system ROOT permission and, at the data communication network layer, acquires the network packets of the specified object passed in by the application package parsing module, then hands the result to the key data discovery and judgment module.
The key data discovery and judgment module analyzes, judges and extracts the key data in the acquired network packets using a predefined judgment policy library, and forms the final result.
Preferably, the network data monitoring system based on the Android platform is built on the network data detection system based on the Android platform.
Preferably, the application package parsing module, the network data traffic acquisition and filtering module and the key data discovery and judgment module are all implemented in the Python language.
A method of network data monitoring based on the Android platform, comprising the following steps:
S1: start the system, and extract the basic information of the application package and the IP address of the device on which the application is installed;
S2: decompile and disassemble the application package, parse the AndroidManifest.xml file obtained after decompilation, and obtain all the permissions of the application;
S3: detect whether the application is already installed on the device;
S4: if the application is already installed, first uninstall it, then install and start it; if the application is not installed, install and start it;
S5: detect whether the application started successfully; if it did, go to S6; if the timeout elapses without a successful start being detected, exit abnormally;
S6: obtain the pid of the application's process on the device after the application starts;
S7: obtain the uid by reading the /proc/pid/cgroup file on the device;
S8: parse and inspect the /proc/net/tcp file and the /tcp/net/tcp6 file, find the entries containing the uid, and extract the port numbers without duplicates;
S9: capture, on the Android side, the network traffic packets for the port numbers and the IP address;
S10: parse the network traffic packets on the PC side and detect whether the application transmits the user's personal information to a remote server within a certain time after starting on the device; if it does not, exit the system and submit a safe report; if it does, go to S11;
S11: detect whether the permission corresponding to the user information is consistent with the permissions in the application's own AndroidManifest.xml; if consistent, exit the system and submit a danger report; if inconsistent, the application may contain privilege escalation code internally, so exit the system and submit a danger report.
Preferably, the basic information of the application package in S1 includes the application package name, the startup activity and the version number.
Preferably, S5 detects whether the application started successfully by looping a finite number of times.
Preferably, in S9, the network traffic packets for the port numbers and the IP address are captured with the tcpdump tool on the Android side.
Preferably, in S10, the captured traffic packets are parsed with the tshark tool on the PC side.
The beneficial effects of the present invention are: the invention automates the capture of the network traffic packets that a mobile application uploads while running and automatically analyzes the captured data for privacy leakage, thereby ensuring the security of mobile application software.
Brief description of the drawings
Fig. 1 is the operation diagram of the network data monitoring system based on the Android platform of the present invention.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the invention is further described below with reference to the accompanying drawing. It should be understood that the specific embodiments described herein serve only to explain the present invention and are not intended to limit it.
The principle of the system is as follows:
1. The system dumps, in real time, the traffic packets that the specified application sends and receives over the network and performs data traffic detection, checking whether the user's local data is uploaded without authorization to the application's remote server.
2. The network data detection system is divided into three parts: the mobile application package permission analysis module, the application package installation and startup information analysis module, and the application monitoring analysis module.
3. The mobile application package permission analysis module disassembles the application package and uses AndroidManifest.xml to determine the system permissions the application will hold after installation.
4. The application package installation and startup information analysis module, after the application package is installed and started, collects information such as the pid, uid and ports occupied by the application, and the IP address of the device on which the application is installed.
5. The application monitoring analysis module uses the specified IP and port information obtained to detect whether, after installation and startup, the application uploads the user's personal information, such as SMS messages, MMS messages, video and audio, to a remote server, leaking user information; to detect whether the uploaded information exceeds the permissions granted by the user; and to detect whether the application contains a privilege escalation function.
6. The network data monitoring system based on the Android platform comprises: an application package parsing module, a network data traffic acquisition and filtering module, and a key data discovery and judgment module.
7. The application package parsing module, implemented in the Python language, provides the basis on which the network data traffic acquisition module decides which packets to acquire.
8. The network data traffic acquisition and filtering module, implemented in the Python language, obtains system ROOT permission and operates at the data communication network layer to acquire the packets of the specified object passed in by the parsing module, then hands the result to the key data discovery and judgment module.
9. The key data discovery and judgment module, implemented in the Python language, analyzes, judges and extracts the key data in the acquired network packets using a predefined judgment policy library, and forms the final result.
The implementation and work process of the network data monitoring system based on the Android platform are as follows:
1. Start the system and extract the basic information of the application package, such as the application package name, the startup activity and the version number, together with the IP address of the device on which the application is to be installed.
2. Decompile and disassemble the application package, parse the AndroidManifest.xml file obtained after decompilation, and obtain all the permissions of the application.
3. Detect whether the application is already installed on the device: if it is, uninstall it first and then install and start it (to prevent the package on the phone from differing from the one to be tested); if it is not, install and start it.
4. Loop a finite number of times to detect whether the application on the device started successfully; if it did, go to the next step. If the timeout elapses without a successful start being detected, exit abnormally.
5. Obtain the pid of the application's process on the device after the application starts.
6. Obtain the uid from /proc/pid/cgroup on the device.
7. Parse and inspect /proc/net/tcp and /tcp/net/tcp6, find the entries containing the above uid, and extract the port numbers without duplicates.
8. Use the tcpdump tool on the Android side to capture, for a limited time, the traffic packets for the specified sender IP and the above ports, and transfer them to the PC side.
9. Parse the captured traffic packets on the PC side with tshark and detect whether the application transmits the user's personal information to a remote server within a certain time after starting on the device. If it does, detect whether the permission corresponding to the user information is consistent with the permissions in the application's own AndroidManifest.xml: if consistent, exit the system and submit a danger report; if inconsistent, the application may contain privilege escalation code internally, so exit the system and submit a danger report. If it does not, exit the system and submit a safe report.
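The following Python sketch is an added example, not code from the patent: it runs steps 6 to 8 of the work process offline on constructed file contents, deriving the uid from cgroup data, collecting that uid's local ports from the socket tables, and building a tcpdump filter expression. The `uid_<n>` cgroup layout, little-endian address decoding, treating the IPv6 table as having the `/proc/net/tcp6` layout, and all function names are assumptions.

```python
"""Work-process steps 6-8, offline: uid from cgroup data, the uid's TCP ports
from socket tables, then a tcpdump filter. All sample data is constructed."""
import ipaddress
import re
from typing import Iterable, List, NamedTuple, Tuple


class Sock(NamedTuple):
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    uid: int


def uid_from_cgroup(cgroup_text: str) -> int:
    # Assumption: the app uid appears as a "uid_<n>" path component.
    match = re.search(r"/uid_(\d+)(?:/|$)", cgroup_text, re.MULTILINE)
    if match is None:
        raise ValueError("no uid_<n> component found in cgroup data")
    return int(match.group(1))


def _endpoint(field: str) -> Tuple[str, int]:
    addr_hex, port_hex = field.split(":")
    # Each 32-bit word is printed in host byte order; little-endian assumed.
    raw = b"".join(int(addr_hex[i:i + 8], 16).to_bytes(4, "little")
                   for i in range(0, len(addr_hex), 8))
    if len(raw) == 4:
        ip = ipaddress.IPv4Address(raw)
    else:
        ip6 = ipaddress.IPv6Address(raw)
        ip = ip6.ipv4_mapped or ip6  # report ::ffff:a.b.c.d as a.b.c.d
    return str(ip), int(port_hex, 16)


def parse_socket_table(text: str) -> List[Sock]:
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or not f[0].rstrip(":").isdigit():
            continue  # header line or truncated row
        socks.append(Sock(*_endpoint(f[1]), *_endpoint(f[2]), int(f[7])))
    return socks


def ports_for_uid(tables: Iterable[str], uid: int) -> List[int]:
    # A set removes repeats: one local port can carry several connections.
    return sorted({s.local_port for t in tables
                   for s in parse_socket_table(t) if s.uid == uid})


def remotes_for_uid(tables: Iterable[str], uid: int) -> List[Tuple[str, int]]:
    # Remote endpoints the uid is talking to, for the later report.
    return sorted({(s.remote_ip, s.remote_port) for t in tables
                   for s in parse_socket_table(t) if s.uid == uid})


def capture_filter(device_ip: str, ports: List[int]) -> str:
    if not ports:
        # An empty port list would otherwise widen the capture to all traffic.
        raise ValueError("no ports owned by the target uid")
    ipaddress.ip_address(device_ip)  # raises ValueError on a malformed address
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("port out of range")
    return "host %s and tcp and (%s)" % (
        device_ip, " or ".join("port %d" % p for p in ports))


# Constructed sample data (not taken from a real device).
SAMPLE_CGROUP = "3:cpu:/\n2:memory:/\n1:cpuacct:/uid_10087/pid_4321\n"
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 0F02000A:9C40 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 2301 1
   2: 0F02000A:9C42 0A7100CB:0050 01 00000000:00000000 00:00000000 00000000 10087        0 2302 1
   3: 0F02000A:9CA4 076433C6:01BB 01 00000000:00000000 00:00000000 00000000 10042        0 2303 1
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0000000000000000FFFF00000F02000A:9C44 0000000000000000FFFF00000A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 2401 1
   1: 0000000000000000FFFF00000F02000A:9C44 0000000000000000FFFF0000076433C6:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 2402 1
"""

if __name__ == "__main__":
    uid = uid_from_cgroup(SAMPLE_CGROUP)
    ports = ports_for_uid([SAMPLE_TCP, SAMPLE_TCP6], uid)
    print(uid, ports, remotes_for_uid([SAMPLE_TCP, SAMPLE_TCP6], uid))
    print(capture_filter("10.0.2.15", ports))
```

Filtering by uid rather than by pid also covers sockets opened by the application's child processes, and refusing an empty port list keeps the capture from silently widening to all traffic on the device.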
Using the technical solution disclosed by the present invention yields the following beneficial effects: the invention automates the capture of the network traffic packets that a mobile application uploads while running and automatically analyzes the captured data for privacy leakage, thereby ensuring the security of mobile application software.
The above is only the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (10)
1. A network data detection system based on the Android platform, characterized in that it comprises: a mobile application package permission analysis module, an application package installation and startup information analysis module, and an application monitoring analysis module;
the mobile application package permission analysis module disassembles the application package and uses AndroidManifest.xml to determine the system permissions the application package will hold after installation;
the application package installation and startup information analysis module, after the application package is installed and started, analyzes the pid, uid and port information occupied by the application and the IP address of the device on which the application is installed;
the application monitoring analysis module analyzes the IP address and the port information to detect whether, after the application package is installed and started, the user's personal information is uploaded to a remote server, leaking user information; to detect whether the uploaded information exceeds the permissions granted by the user; and to detect whether the application contains a privilege escalation function.
2. The network data detection system based on the Android platform according to claim 1, characterized in that the personal information includes: SMS messages, MMS messages, video and audio.
3. A network data monitoring system based on the Android platform, characterized in that it comprises: an application package parsing module, a network data traffic acquisition and filtering module, and a key data discovery and judgment module;
the application package parsing module provides the basis on which the network data traffic acquisition module decides which packets to acquire;
the network data traffic acquisition and filtering module obtains system ROOT permission and, at the data communication network layer, acquires the network packets of the specified object passed in by the application package parsing module, then hands the result to the key data discovery and judgment module;
the key data discovery and judgment module analyzes, judges and extracts the key data in the acquired network packets using a predefined judgment policy library, and forms the final result.
4. The network data monitoring system based on the Android platform according to claim 3, characterized in that the network data monitoring system based on the Android platform is built on the network data detection system based on the Android platform.
5. The network data monitoring system based on the Android platform according to claim 3, characterized in that the application package parsing module, the network data traffic acquisition and filtering module and the key data discovery and judgment module are all implemented in the Python language.
6. A method of network data monitoring based on the Android platform, characterized in that it comprises the following steps:
S1: start the system, and extract the basic information of the application package and the IP address of the device on which the application is installed;
S2: decompile and disassemble the application package, parse the AndroidManifest.xml file obtained after decompilation, and obtain all the permissions of the application;
S3: detect whether the application is already installed on the device;
S4: if the application is already installed, first uninstall it, then install and start it; if the application is not installed, install and start it;
S5: detect whether the application started successfully; if it did, go to S6; if the timeout elapses without a successful start being detected, exit abnormally;
S6: obtain the pid of the application's process on the device after the application starts;
S7: obtain the uid by reading the /proc/pid/cgroup file on the device;
S8: parse and inspect the /proc/net/tcp file and the /tcp/net/tcp6 file, find the entries containing the uid, and extract the port numbers without duplicates;
S9: capture, on the Android side, the network traffic packets for the port numbers and the IP address;
S10: parse the network traffic packets on the PC side and detect whether the application transmits the user's personal information to a remote server within a certain time after starting on the device; if it does not, exit the system and submit a safe report; if it does, go to S11;
S11: detect whether the permission corresponding to the user information is consistent with the permissions in the application's own AndroidManifest.xml; if consistent, exit the system and submit a danger report; if inconsistent, the application may contain privilege escalation code internally, so exit the system and submit a danger report.
7. The method of network data monitoring based on the Android platform according to claim 6, characterized in that the basic information of the application package in S1 includes the application package name, the startup activity and the version number.
8. The method of network data monitoring based on the Android platform according to claim 6, characterized in that S5 detects whether the application started successfully by looping a finite number of times.
9. The method of network data monitoring based on the Android platform according to claim 6, characterized in that, in S9, the network traffic packets for the port numbers and the IP address are captured with the tcpdump tool on the Android side.
10. The method of network data monitoring based on the Android platform according to claim 6, characterized in that, in S10, the captured traffic packets are parsed with the tshark tool on the PC side.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610262516.2A CN105871657B (en) | 2016-04-25 | 2016-04-25 | A kind of Network Data Control system and method based on Android platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610262516.2A CN105871657B (en) | 2016-04-25 | 2016-04-25 | A kind of Network Data Control system and method based on Android platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105871657A true CN105871657A (en) | 2016-08-17 |
CN105871657B CN105871657B (en) | 2019-08-30 |
Family
ID=56629264
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610262516.2A Expired - Fee Related CN105871657B (en) | 2016-04-25 | 2016-04-25 | A kind of Network Data Control system and method based on Android platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105871657B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107579995A (en) * | 2017-09-30 | 2018-01-12 | 北京奇虎科技有限公司 | The network protection method and device of onboard system |
CN108280343A (en) * | 2017-01-06 | 2018-07-13 | 广州市动景计算机科技有限公司 | The method, apparatus and system of application security are detected under Android environment |
CN110113325A (en) * | 2019-04-25 | 2019-08-09 | 成都卫士通信息产业股份有限公司 | Network Data Control method, apparatus and storage medium based on third party SDK |
CN110519293A (en) * | 2019-09-10 | 2019-11-29 | 北京锐安科技有限公司 | A kind of message test method, device, equipment and storage medium |
CN111147423A (en) * | 2018-11-02 | 2020-05-12 | 千寻位置网络有限公司 | Risk sensing method and device and monitoring system |
CN111988239A (en) * | 2020-08-21 | 2020-11-24 | 哈尔滨工业大学 | Method for acquiring pure software flow for Android application |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103327183A (en) * | 2013-06-13 | 2013-09-25 | 中国科学院信息工程研究所 | Black box protecting method and system for private data of Android user based on tag |
CN104462970A (en) * | 2014-12-17 | 2015-03-25 | 中国科学院软件研究所 | Android application program permission abuse detecting method based on process communication |
Also Published As
Publication number | Publication date |
---|---|
CN105871657B (en) | 2019-08-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: 100094 Beijing Haidian District, Northwest Wangzhen Baiwang Innovation Science Park Yongjie South Road, No. 2 Building, No. 3, 3443 Applicant after: BEIJING CORALSEC TECHNOLOGY CO., LTD. Address before: Room 1105, Building No. 18-2, Suzhou Street, Haidian District, Beijing 100080 Applicant before: BEIJING CORALSEC TECHNOLOGY CO., LTD. |
|
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20190830 Termination date: 20210425 |