CN105871657A - System and method for network data monitoring based on Android platform - Google Patents


Info

Publication number: CN105871657A
Authority: CN (China)
Prior art keywords: application, module, package, network, network data
Legal status: Granted; Expired - Fee Related
Application number: CN201610262516.2A
Other languages: Chinese (zh)
Other versions: CN105871657B (en)
Inventors: 张亚庆, 咸忠慧
Current Assignee: Beijing Coralsec Technology Co Ltd
Original Assignee: Beijing Coralsec Technology Co Ltd
Application filed by Beijing Coralsec Technology Co Ltd
Priority to CN201610262516.2A
Publication of CN105871657A
Application granted
Publication of CN105871657B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
        • H04L43/04 Processing captured monitoring data, e.g. for logfile generation
        • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
        • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
        • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
        • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The invention provides a system and method for network data monitoring based on the Android platform and belongs to the field of mobile security on the Android platform. The system comprises an application package parsing module, a network data traffic acquisition and filtering module, and a key data discovery and judgment module. The application package parsing module provides the network data traffic acquisition module with the basis for deciding which data packets to obtain; the network data traffic acquisition and filtering module obtains system ROOT permission and, at the data communication network layer, captures the network data packets of the designated object passed on by the application package parsing module, then hands the results to the key data discovery and judgment module; and the key data discovery and judgment module analyzes, judges and extracts the key data in the network data packets using a predefined judgment policy library and forms the final result.

Description

A network data monitoring system and method based on the Android platform
Technical Field
The present invention relates to the field of mobile security on the Android platform, and in particular to a network data monitoring system and method based on the Android platform.
Background
As mobile devices become increasingly widespread and mobile applications grow rapidly, the security of mobile application software is drawing attention from more and more users. The review mechanism for publishing apps in Android markets is simple, so some applications that collect users' private data are mixed into the application markets and pose a security threat to users' privacy and property. There is currently no automated network data monitoring system or method for the Android platform on the market; existing network data monitoring and analysis is essentially done by hand, which carries a high labor cost and cannot meet the security requirements of mobile application software.
Summary of the Invention
The object of the present invention is to provide a network data monitoring system and method based on the Android platform that solves the aforementioned problems in the prior art.
To achieve the above object, the technical solution adopted by the present invention is as follows:
A network data detection system based on the Android platform, comprising: a mobile application package permission analysis module, an application package installation and startup information analysis module, and an application monitoring analysis module;
The mobile application package permission analysis module unpacks the application package and uses AndroidManifest.xml to determine the system permissions the application will hold after the application package is installed;
The application package installation and startup information analysis module analyzes, after the application package has been installed and started, the pid, uid and port information occupied by the application and the IP address of the device on which the application is installed;
The application monitoring analysis module analyzes the IP address and the port information to detect whether, after the application package is installed and started, the application uploads the user's personal information to a remote server and so leaks user information, whether the uploaded information exceeds the permissions granted by the user, and whether the application contains a built-in privilege escalation function.
Preferably, the personal information includes: SMS messages, MMS messages, video and audio.
A network data monitoring system based on the Android platform comprises: an application package parsing module, a network data traffic acquisition and filtering module, and a key data discovery and judgment module;
The application package parsing module provides the network data traffic acquisition module with the basis for deciding which data packets to obtain;
The network data traffic acquisition and filtering module obtains system ROOT permission and, at the data communication network layer, captures the network data packets of the designated object passed on by the application package parsing module, and hands the result to the key data discovery and judgment module;
The key data discovery and judgment module analyzes, judges and extracts the key data in the obtained network data packets using a predefined judgment policy library, and forms the final result.
Preferably, the network data monitoring system based on the Android platform is made according to the network data detection system based on the Android platform.
Preferably, the application package parsing module, the network data traffic acquisition and filtering module and the key data discovery and judgment module are all designed and implemented in the Python language.
A method of network data monitoring based on the Android platform, comprising the following steps:
S1, start the system, and extract the basic information of the application package and the IP address of the device that installs the application;
S2, decompile and unpack the application package, parse the AndroidManifest.xml file obtained after decompilation, and obtain all permissions of the application;
S3, detect whether the application is already installed on the device;
S4, if the application is installed, first uninstall it, then install and start it; if the application is not installed, install and start it;
S5, detect whether the application has started successfully; if it has, go to S6; if the timeout expires without a successful start being detected, exit abnormally;
S6, obtain the pid of the application's process on the device after the application has started;
S7, obtain the uid by reading the /proc/pid/cgroup file on the device;
S8, parse the /proc/net/tcp file and the /proc/net/tcp6 file, find the entries that contain the uid, and extract the port numbers without duplicates;
S9, on the Android side, capture the network traffic packets for the port numbers and the IP address;
S10, on the PC side, parse the network traffic packets and detect whether the application transmits the user's personal information to a remote server within a certain time after starting on the device; if it does not, exit the system and submit a safe report; if it does, go to S11;
S11, detect whether the permission corresponding to the user information is consistent with the permissions the application itself declares in AndroidManifest.xml; if consistent, exit the system and submit a danger report; if inconsistent, the application may contain privilege escalation code internally; exit the system and submit a danger report.
Preferably, the basic information of the application package in S1 includes the application package name, the launch activity and the version number.
Preferably, S5 uses a loop with a finite number of iterations to detect whether the application has started successfully.
Preferably, in S9, the network traffic packets for the port numbers and the IP address are captured with the tcpdump tool on the Android side.
Preferably, in S10, the captured traffic packets are parsed with the tshark tool on the PC side.
The beneficial effects of the invention are: the invention provides an automated way to capture the network traffic packets that a mobile application uploads while running and to automatically analyze whether the captured data contains a privacy leak, thereby ensuring the security of mobile application software.
Brief Description of the Drawings
Fig. 1 is an operation diagram of the network data monitoring system based on the Android platform of the present invention.
Detailed Description
To make the object, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawing. It should be understood that the specific embodiments described here only serve to explain the present invention and are not intended to limit it.
The principle of the system is as follows:
1. The system dumps, in real time, the traffic packets sent and received over the network by the designated application and performs data traffic detection on them, checking whether the user's local data is uploaded without authorization to the application's remote server.
2. The network data detection system is divided into three parts: a mobile application package permission analysis module, an application package installation and startup information analysis module, and an application monitoring analysis module.
3. The mobile application package permission analysis module unpacks the application package and uses AndroidManifest.xml to determine the system permissions the application will hold after it is installed.
4. The application package installation and startup information analysis module collects, after the application package has been installed and started, information such as the pid, uid and ports occupied by the application, and the IP address of the device on which the application is installed.
5. The application monitoring analysis module uses the obtained IP and port information to detect whether, after installation and startup, the application uploads the user's personal information, such as SMS messages, MMS messages, video and audio, to a remote server and so leaks user information; whether the uploaded information exceeds the permissions granted by the user; and whether the application contains a built-in privilege escalation function.
6. The network data monitoring system based on the Android platform comprises: an application package parsing module, a network data traffic acquisition and filtering module, and a key data discovery and judgment module;
7. The application package parsing module, designed and implemented in Python, provides the network data traffic acquisition module with the basis for deciding which data packets to obtain;
8. The network data traffic acquisition and filtering module, designed and implemented in Python, obtains system ROOT permission and works at the data communication network layer to capture the data packets of the designated object passed on by the package parsing module, and hands the result to the key data discovery and judgment module;
9. The key data discovery and judgment module, designed and implemented in Python, analyzes, judges and extracts the key data in the obtained network data packets using a predefined judgment policy library, and forms the final result.
The implementation and working process of the network data monitoring system based on the Android platform is as follows:
1. Start the system and extract the basic information of the application package, such as the application package name, launch activity and version number, and the IP address of the device on which the application is to be installed.
2. Decompile and unpack the application package, parse the AndroidManifest.xml file obtained after decompilation, and obtain all permissions of the application.
3. Detect whether the application is already installed on the device: if it is, uninstall it first and then install and start it (to prevent the package installed on the phone from differing from the one to be tested); if it is not, install and start it.
4. Check in a loop, a finite number of times, whether the application on the device has started successfully; if it has, proceed to the next step. If the timeout expires without a successful start being detected, exit abnormally.
5. Obtain the pid of the application's process on the device after the application has started.
6. Obtain the uid from /proc/pid/cgroup on the device.
7. Parse /proc/net/tcp and /proc/net/tcp6, find the entries that contain the above uid, and extract the port numbers without duplicates.
8. Use the tcpdump tool on the Android side to capture, for a limited time, the traffic packets for the designated sender IP and the above ports, and transfer them to the PC side.
9. On the PC side, parse the captured traffic packets with tshark and detect whether the application transmits the user's personal information to a remote server within a certain time after starting on the device. If it does, detect whether the permission corresponding to the user information is consistent with the permissions the application itself declares in AndroidManifest.xml: if consistent, exit the system and submit a danger report; if inconsistent, the application may contain privilege escalation code internally; exit the system and submit a danger report. If it does not, exit the system and submit a safe report.
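Steps 5 to 8 above (S6 to S9 in the summary), as an added Python example that is not code from the patent: it reads the uid from a cgroup listing, collects the deduplicated local ports owned by that uid from /proc/net/tcp and /proc/net/tcp6 text, and builds the capture filter expression handed to tcpdump. The sample tables, the `uid_<n>` cgroup path layout and every function name are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed samples, not taken from a real device. The uid_<n> component in
# the cgroup path is an assumed layout for the Android build under test.
SAMPLE_CGROUP = "3:cpu:/\n2:cpuacct:/uid_10083/pid_4211\n1:memory:/\n"

# Row 2 repeats a local port to exercise de-duplication; row 4 is another app.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 8123
   1: 1701A8C0:9C56 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10083        0 20411
   2: 1701A8C0:9C56 076433C6:01BB 08 00000000:00000000 00:00000000 00000000 10083        0 20412
   3: 1701A8C0:C93A 076433C6:0050 01 00000000:00000000 00:00000000 00000000 10083        0 20417
   4: 1701A8C0:B0F2 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10051        0 20502
"""

SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0000000000000000FFFF00001701A8C0:D431 0000000000000000FFFF00000A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10083        0 20533
"""


def uid_from_cgroup(cgroup_text):
    """Return the uid embedded in a path such as /uid_10083/pid_4211, or None."""
    match = re.search(r"/uid_(\d+)(?=/|$)", cgroup_text, re.MULTILINE)
    return int(match.group(1)) if match else None


def local_ports_for_uid(table_text, uid):
    """Collect local ports of sockets owned by uid from a /proc/net/tcp{,6} table.

    Field 1 is local_address as HEXADDR:HEXPORT and field 7 is the owning uid.
    The header row and malformed rows fail integer parsing and are skipped.
    """
    ports = set()
    for line in table_text.splitlines():
        fields = line.split()
        try:
            row_uid = int(fields[7])
            port = int(fields[1].rsplit(":", 1)[1], 16)
        except (IndexError, ValueError):
            continue
        if row_uid == uid and port:
            ports.add(port)  # a set keeps each port once
    return ports


def ports_for_app(cgroup_text, tcp_text, tcp6_text):
    """Combine both socket tables for the uid found in the cgroup listing."""
    uid = uid_from_cgroup(cgroup_text)
    if uid is None:
        return None, set()
    return uid, local_ports_for_uid(tcp_text, uid) | local_ports_for_uid(tcp6_text, uid)


def capture_filter(device_ip, ports):
    """Build a pcap filter for the device IP and ports, or None if no ports.

    The address is parsed first so that only an IP literal can reach the
    filter string that is later passed to a command line.
    """
    ip = ipaddress.ip_address(device_ip)  # ValueError on anything else
    if not ports:
        return None
    clause = " or ".join(f"port {p}" for p in sorted(ports))
    return f"host {ip} and tcp and ({clause})"


if __name__ == "__main__":
    uid, ports = ports_for_app(SAMPLE_CGROUP, SAMPLE_TCP, SAMPLE_TCP6)
    print(uid, sorted(ports))
    print(capture_filter("192.168.1.23", ports))
```

The socket tables are a snapshot: connections the application opens after they are read are not covered by the resulting filter, so the tables have to be re-read during the capture window if short-lived connections matter.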
By adopting the above technical solution disclosed by the invention, the following beneficial effect is obtained: the invention provides an automated way to capture the network traffic packets that a mobile application uploads while running and to automatically analyze whether the captured data contains a privacy leak, thereby ensuring the security of mobile application software.
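The judgment made in step 9 (S10 and S11), as an added Python example that is not part of the patent: permissions are read from a decoded AndroidManifest.xml, payloads are matched against a policy library, and the three outcomes (safe report, danger report, danger report with possible privilege escalation) are derived. The policy rules, their patterns, the category-to-permission mapping, the sample manifest and payloads, and all function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Constructed manifest, as it looks after decompilation (step 2).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="demo"/>
</manifest>
"""

# Hypothetical policy library: what to look for in a payload and which
# permission the app would need to read that kind of data legitimately.
POLICY_LIBRARY = [
    {"category": "sms",
     "permission": "android.permission.READ_SMS",
     "pattern": re.compile(r'"sms_body"\s*:\s*"[^"]+"')},
    {"category": "audio",
     "permission": "android.permission.READ_EXTERNAL_STORAGE",
     "pattern": re.compile(r'filename="[^"]+\.(?:amr|3gp|m4a)"', re.I)},
]

# Constructed (remote endpoint, decoded payload) pairs standing in for the
# output of the PC-side parsing of the capture file.
SAMPLE_PAYLOADS = [
    ("203.0.113.10:80", 'POST /sync HTTP/1.1\r\n\r\n{"sms_body": "Your code is 4821"}'),
    ("203.0.113.10:80", 'POST /up HTTP/1.1\r\n\r\nContent-Disposition: form-data; '
                        'name="f"; filename="rec_001.amr"'),
    ("198.51.100.7:80", "GET /ads?id=7 HTTP/1.1\r\n\r\n"),
]


def declared_permissions(manifest_xml):
    """Return the permission names the manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NAME)
            if name:
                names.add(name)
    return names


def discover_key_data(payloads, policy):
    """Match every payload against every rule; one finding per hit."""
    findings = []
    for remote, text in payloads:
        for rule in policy:
            if rule["pattern"].search(text):
                findings.append({"category": rule["category"],
                                 "permission": rule["permission"],
                                 "remote": remote})
    return findings


def judge(declared, findings):
    """Apply the S10/S11 decision: safe, danger, or danger with escalation flag."""
    if not findings:
        return {"report": "safe", "possible_privilege_escalation": False, "exceeds": []}
    # Categories uploaded although the matching permission was never declared.
    exceeds = sorted({f["category"] for f in findings
                      if f["permission"] not in declared})
    return {"report": "danger",
            "possible_privilege_escalation": bool(exceeds),
            "exceeds": exceeds}


if __name__ == "__main__":
    perms = declared_permissions(SAMPLE_MANIFEST)
    hits = discover_key_data(SAMPLE_PAYLOADS, POLICY_LIBRARY)
    print(judge(perms, hits))
```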
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make further improvements and modifications without departing from the principle of the invention, and these improvements and modifications shall also be regarded as falling within the scope of protection of the present invention.

Claims (10)

1. A network data detection system based on the Android platform, characterized in that it comprises: a mobile application package permission analysis module, an application package installation and startup information analysis module, and an application monitoring analysis module;
The mobile application package permission analysis module unpacks the application package and uses AndroidManifest.xml to determine the system permissions the application will hold after the application package is installed;
The application package installation and startup information analysis module analyzes, after the application package has been installed and started, the pid, uid and port information occupied by the application and the IP address of the device on which the application is installed;
The application monitoring analysis module analyzes the IP address and the port information to detect whether, after the application package is installed and started, the application uploads the user's personal information to a remote server and so leaks user information, whether the uploaded information exceeds the permissions granted by the user, and whether the application contains a built-in privilege escalation function.
2. The network data detection system based on the Android platform according to claim 1, characterized in that the personal information includes: SMS messages, MMS messages, video and audio.
3. A network data monitoring system based on the Android platform, characterized in that it comprises: an application package parsing module, a network data traffic acquisition and filtering module, and a key data discovery and judgment module;
The application package parsing module provides the network data traffic acquisition module with the basis for deciding which data packets to obtain;
The network data traffic acquisition and filtering module obtains system ROOT permission and, at the data communication network layer, captures the network data packets of the designated object passed on by the application package parsing module, and hands the result to the key data discovery and judgment module;
The key data discovery and judgment module analyzes, judges and extracts the key data in the obtained network data packets using a predefined judgment policy library, and forms the final result.
4. The network data monitoring system based on the Android platform according to claim 3, characterized in that the network data monitoring system based on the Android platform is made according to the network data detection system based on the Android platform.
5. The network data monitoring system based on the Android platform according to claim 3, characterized in that the application package parsing module, the network data traffic acquisition and filtering module and the key data discovery and judgment module are all designed and implemented in the Python language.
6. A method of network data monitoring based on the Android platform, characterized in that it comprises the following steps:
S1, start the system, and extract the basic information of the application package and the IP address of the device that installs the application;
S2, decompile and unpack the application package, parse the AndroidManifest.xml file obtained after decompilation, and obtain all permissions of the application;
S3, detect whether the application is already installed on the device;
S4, if the application is installed, first uninstall it, then install and start it; if the application is not installed, install and start it;
S5, detect whether the application has started successfully; if it has, go to S6; if the timeout expires without a successful start being detected, exit abnormally;
S6, obtain the pid of the application's process on the device after the application has started;
S7, obtain the uid by reading the /proc/pid/cgroup file on the device;
S8, parse the /proc/net/tcp file and the /proc/net/tcp6 file, find the entries that contain the uid, and extract the port numbers without duplicates;
S9, on the Android side, capture the network traffic packets for the port numbers and the IP address;
S10, on the PC side, parse the network traffic packets and detect whether the application transmits the user's personal information to a remote server within a certain time after starting on the device; if it does not, exit the system and submit a safe report; if it does, go to S11;
S11, detect whether the permission corresponding to the user information is consistent with the permissions the application itself declares in AndroidManifest.xml; if consistent, exit the system and submit a danger report; if inconsistent, the application may contain privilege escalation code internally; exit the system and submit a danger report.
7. The method of network data monitoring based on the Android platform according to claim 6, characterized in that the basic information of the application package in S1 includes the application package name, the launch activity and the version number.
8. The method of network data monitoring based on the Android platform according to claim 6, characterized in that S5 uses a loop with a finite number of iterations to detect whether the application has started successfully.
9. The method of network data monitoring based on the Android platform according to claim 6, characterized in that, in S9, the network traffic packets for the port numbers and the IP address are captured with the tcpdump tool on the Android side.
10. The method of network data monitoring based on the Android platform according to claim 6, characterized in that, in S10, the captured traffic packets are parsed with the tshark tool on the PC side.

Application number: CN201610262516.2A
Priority date: 2016-04-25
Filing date: 2016-04-25
Title: A network data monitoring system and method based on the Android platform
Status: Expired - Fee Related
Granted publication: CN105871657B (en)

Publications (2)

Publication Number: CN105871657A, Publication Date: 2016-08-17
Publication Number: CN105871657B, Publication Date: 2019-08-30

Family ID: 56629264

Country Status (1)

Country: CN, Link: CN105871657B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100094 Beijing Haidian District, Northwest Wangzhen Baiwang Innovation Science Park Yongjie South Road, No. 2 Building, No. 3, 3443
Applicant after: BEIJING CORALSEC TECHNOLOGY CO., LTD.
Address before: Room 1105, Building No. 18-2, Suzhou Street, Haidian District, Beijing 100080
Applicant before: BEIJING CORALSEC TECHNOLOGY CO., LTD.

GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190830
Termination date: 20210425
Termination date: 20210425