CN105871657B - A kind of Network Data Control system and method based on Android platform - Google Patents


Info

Publication number
CN105871657B
CN105871657B
Authority
CN
China
Prior art keywords
application
packet
network
data
module
Prior art date
Legal status
Expired - Fee Related
Application number
CN201610262516.2A
Other languages
Chinese (zh)
Other versions
CN105871657A (en)
Inventor
张亚庆
咸忠慧
Current Assignee
Beijing Coralsec Technology Co Ltd
Original Assignee
Beijing Coralsec Technology Co Ltd
Priority date
Filing date
Publication date

Classifications

    • H04L 63/10: Network architectures or network communication protocols for network security, for controlling access to devices or network resources
    • H04L 43/04: Arrangements for monitoring or testing data switching networks; processing captured monitoring data, e.g. for logfile generation
    • H04L 43/08: Arrangements for monitoring or testing data switching networks; monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L 63/0876: Network architectures or network communication protocols for network security, for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 67/025: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP], for remote control or remote monitoring of applications
    • H04L 67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]


Abstract

The present invention provides a Network Data Control system and method based on the Android platform, in the field of Android mobile security. The system comprises an application packet parsing module, a network traffic data acquisition and filtering module, and a key data discovery and judgment module. The application packet parsing module supplies the judgment basis by which the network traffic data acquisition module identifies the specified data packets. The network traffic data acquisition and filtering module obtains system ROOT permission and, at the network layer of the data communication network, captures the network packets of the specified object passed to it by the packet parsing module; the captured result is handed to the key data discovery and judgment module. The key data discovery and judgment module analyzes, judges and extracts the key data in the captured network packets using a pre-defined judgment strategy library, and forms the final result.

Description

A kind of Network Data Control system and method based on Android platform
Technical field
The present invention relates to the field of Android mobile security, and in particular to a network data monitoring (Network Data Control) system and method based on the Android platform.
Background technique
With the growing popularity of mobile devices and the rapid growth of mobile applications, the security of mobile application software is receiving more and more attention from users. The online review mechanism of Android app markets is simple, and some applications that collect users' private data are mixed into the application markets, posing a security threat to users' privacy and property. There is currently no automated network data monitoring system and method for the Android platform on the market; existing network data monitoring and analysis is essentially manual, the labor cost of which is very high and which cannot meet the security requirements of mobile application software.
Summary of the invention
The purpose of the present invention is to provide a Network Data Control system and method based on the Android platform, so as to solve the problems described above that exist in the prior art.
To achieve this goal, the technical solution adopted by the invention is as follows:
A network data detection system based on the Android platform, comprising: a mobile application package permission analysis module, an application package installation and startup information analysis module, and an application monitoring analysis module;
The mobile application package permission analysis module disassembles the application package and detects, from AndroidManifest.xml, the system permissions the application should possess after the package is installed;
The application package installation and startup information analysis module analyzes the pid, uid and port information occupied by the application after the package is installed and started, and the IP address of the device on which the application is installed;
The application monitoring analysis module, by analyzing the IP address and the port information, detects whether the application uploads the user's personal information to a remote server after the package is installed and started, thereby leaking user information; detects whether the uploaded information exceeds the permissions the user has granted; and detects whether the application contains internal privilege-escalation functionality.
Preferably, the personal information includes: SMS messages, MMS messages, video and audio.
The Network Data Control system based on the Android platform comprises: an application packet parsing module, a network traffic data acquisition and filtering module, and a key data discovery and judgment module;
The application packet parsing module supplies the judgment basis by which the network traffic data acquisition module identifies the specified data packets;
The network traffic data acquisition and filtering module obtains system ROOT permission and, at the network layer of the data communication network, captures the network packets of the specified object passed to it by the packet parsing module; the captured result is handed to the key data discovery and judgment module;
The key data discovery and judgment module analyzes, judges and extracts the key data in the captured network packets using a pre-defined judgment strategy library, and forms the final result.
Preferably, the Network Data Control system based on the Android platform is built on the network data detection system based on the Android platform described above.
Preferably, the application packet parsing module, the network traffic data acquisition and filtering module and the key data discovery and judgment module are implemented in the Python language.
A method of Network Data Control based on the Android platform, comprising the following steps:
S1: the system starts, and extracts the basic information of the application package and the IP address of the device on which the application is to be installed;
S2: decompile and disassemble the application package, parse the AndroidManifest.xml file obtained after decompiling, and obtain all the permissions of the application;
S3: detect whether the application is already installed on the device;
S4: if the application is installed, first uninstall it, then install and start it; if it is not installed, install and start it;
S5: detect whether the application has started successfully; if it has, jump to S6; if the detection times out without a successful start being detected, exit abnormally;
S6: obtain the pid of the application from the device's process list after the application has started;
S7: obtain the uid by reading the /proc/pid/cgroup file inside the device;
S8: parse and inspect the /proc/net/tcp file and the /proc/net/tcp6 file, analyze the entries that contain the uid, and extract the port numbers without repetition;
S9: on the Android side, capture the network traffic packets of the port numbers and the IP address;
S10: on the PC side, parse the captured network traffic packets and detect whether, within a certain time after starting on the device, the application transmits the user's personal information to a remote server; if it does not, exit the system and submit a safety report; if it does, jump to S11;
S11: detect whether the permission corresponding to the user information is consistent with the application's own permissions in AndroidManifest.xml; if consistent, exit the system and submit a danger report; if inconsistent, the application may contain internal privilege-escalation code, so exit the system and submit a danger report.
Preferably, the basic information of the application package in S1 includes the package name, the launch activity and the version number.
Preferably, in S5, whether the application has started successfully is detected by looping a finite number of times.
Preferably, in S9, the network traffic packets of the port numbers and the IP address are captured by the tcpdump tool on the Android side.
Preferably, in S10, the captured traffic packets are parsed by the tshark tool on the PC side.
The beneficial effects of the present invention are: the invention automates the capture of the network traffic packets a mobile application uploads while running, and automatically analyzes whether the captured data contains a privacy leak, thereby ensuring the security of mobile application software.
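Steps S6 to S9 of the method, as an added worked example in Python (the language the patent names for its modules); this is not code from the patent. It assumes the pid is already known from S6, that the three proc files have already been read from the device with the ROOT permission the patent requires and are passed in as text, and that on Android the cpuacct cgroup path of an app process carries a uid_<n>/pid_<n> component. All file contents and addresses below are constructed for the example.

```python
import re
from typing import List, Set

# Constructed sample of /proc/<pid>/cgroup for an app process on Android,
# where the cpuacct hierarchy places each app under uid_<uid>/pid_<pid>.
SAMPLE_CGROUP = """\
3:cpuacct:/uid_10087/pid_2941
2:cpu:/
1:cpuset:/foreground
"""

# Constructed samples of /proc/net/tcp and /proc/net/tcp6. Local and remote
# addresses are hex "ADDRESS:PORT" pairs and the eighth column is the owning
# uid; uid 10087 is the app under test, the other rows are background noise.
# Row 3 reuses local port A8D6 so the "no repeats" rule of S8 is exercised.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0500000A:A8D6 077100CB:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 23456 1 0000000000000000 20 4 30 10 -1
   2: 0500000A:A8D7 077100CB:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 23457 1 0000000000000000 20 4 30 10 -1
   3: 0500000A:A8D6 077100CB:0050 06 00000000:00000000 03:00000A3C 00000000 10087        0 0 3 0000000000000000
"""

SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 34567 1 0000000000000000 100 0 0 10 0
   1: 0000000000000000FFFF00000500000A:C3A2 0000000000000000FFFF0000077100CB:01BB 01 00000000:00000000 00:00000000 00000000 10042        0 45678 1 0000000000000000 20 4 30 10 -1
"""

UID_RE = re.compile(r"/uid_(\d+)/")


def uid_from_cgroup(cgroup_text: str) -> int:
    """S7: recover the app uid from the uid_<n> path component (assumed layout)."""
    for line in cgroup_text.splitlines():
        m = UID_RE.search(line)
        if m:
            return int(m.group(1))
    raise ValueError("no uid_<n> component found in cgroup file")


def ports_for_uid(proc_net_text: str, uid: int) -> List[int]:
    """S8: local ports of sockets owned by uid, first-seen order, no repeats."""
    ports: List[int] = []
    seen: Set[int] = set()
    for line in proc_net_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] == "sl":
            continue                       # header line or malformed row
        if int(fields[7]) != uid:
            continue                       # socket belongs to another app
        local_port = int(fields[1].rsplit(":", 1)[1], 16)   # hex port
        if local_port not in seen:
            seen.add(local_port)
            ports.append(local_port)
    return ports


def app_ports(uid: int, tcp_text: str, tcp6_text: str) -> List[int]:
    """S8 over both files, keeping the union without duplicates."""
    merged = ports_for_uid(tcp_text, uid)
    for port in ports_for_uid(tcp6_text, uid):
        if port not in merged:
            merged.append(port)
    return merged


def build_capture_filter(device_ip: str, ports: List[int]) -> str:
    """S9: BPF filter restricting the device-side capture to the app's sockets,
    e.g. for `tcpdump -i any -w app.pcap '<filter>'`."""
    if not ports:
        raise ValueError("no ports to capture")
    port_expr = " or ".join(f"tcp port {p}" for p in ports)
    return f"host {device_ip} and ({port_expr})"


if __name__ == "__main__":
    uid = uid_from_cgroup(SAMPLE_CGROUP)
    ports = app_ports(uid, SAMPLE_TCP, SAMPLE_TCP6)
    print("uid", uid, "ports", ports)
    print(build_capture_filter("10.0.0.5", ports))
```

Filtering on the uid column rather than on the pid is what makes the port list survive the app forking helper processes: every process of an Android app shares the app's uid, so sockets opened by any of them are attributed to the same application under test.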
Detailed description of the invention
Fig. 1 is the operation diagram of the Network Data Control system based on the Android platform according to the present invention.
Specific embodiment
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further described below with reference to the accompanying drawing. It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it.
The principle of this system is as follows:
1. This system captures, in real time, the traffic packets a specified application sends and receives over the network and dumps them, then performs data flow detection to check whether the user's local data is uploaded without authorization to the application's remote server.
2. The network data detection system is divided into three parts: the mobile application package permission analysis module, the application package installation and startup information analysis module, and the application monitoring analysis module.
3. The mobile application package permission analysis module disassembles the application package and detects, from AndroidManifest.xml, the system permissions the application should possess after installation.
4. The application package installation and startup information analysis module collects, after the application package is installed and started, the information occupied by the application such as pid, uid and port, and the IP address of the device on which the application is installed.
5. The application monitoring analysis module, by collecting the information of the specified IP and port, detects whether the application uploads the user's personal information (such as SMS messages, MMS messages, video and audio) to a remote server after installation and startup, leaking user information; detects whether the uploaded information exceeds the permissions the user has granted; and detects whether the application contains internal privilege-escalation functionality.
6. The Network Data Control system based on the Android platform comprises: an application packet parsing module, a network traffic data acquisition and filtering module, and a key data discovery and judgment module.
7. The application packet parsing module, implemented in the Python language, supplies the judgment basis by which the network traffic data acquisition module identifies the specified data packets.
8. The network traffic data acquisition and filtering module, implemented in the Python language, obtains system ROOT permission and, working at the network layer of the data communication network, captures the data packets of the specified object passed to it by the packet parsing module; the captured result is handed to the key data discovery and judgment module.
9. The key data discovery and judgment module, implemented in the Python language, analyzes, judges and extracts the key data in the captured network packets using a pre-defined judgment strategy library, and forms the final result.
The specific implementation and working process of the Network Data Control system based on the Android platform are as follows:
1. Start the system and extract the basic information of the application package, such as the package name, launch activity and version number, together with the IP address of the device on which the application is installed.
2. Decompile and disassemble the application package, parse the AndroidManifest.xml file obtained after decompiling, and obtain all the permissions of the application.
3. Detect whether the application is already installed on the device: if it is installed, first uninstall it and then install and start it (to prevent the package installed on the phone from being inconsistent with the one to be detected); if it is not installed, install and start it.
4. Loop a finite number of times to detect whether the application has started successfully on the device; if it has, proceed to the next step. If the detection times out without a successful start being detected, exit abnormally.
5. Obtain the pid of the application from the device's process list after the application has started.
6. Obtain the uid from /proc/pid/cgroup inside the device.
7. Parse and inspect /proc/net/tcp and /proc/net/tcp6, analyze the entries that contain the above uid, and extract the port numbers without repetition.
8. Within the prescribed time limit, use the tcpdump tool on the Android side to capture the traffic packets of the specified sender IP and the above ports, and transfer them to the PC side.
9. On the PC side, parse the captured traffic packets with tshark and detect whether, within a certain time after starting on the device, the application transmits the user's personal information to a remote server. If it does, detect whether the permission corresponding to the user information is consistent with the application's own permissions in AndroidManifest.xml: if consistent, exit the system and submit a danger report; if inconsistent, the application may contain internal privilege-escalation code, so exit the system and submit a danger report. If it does not, exit the system and submit a safety report.
By adopting the technical solution disclosed above, the following beneficial effect is obtained: the invention automates the capture of the network traffic packets a mobile application uploads while running, and automatically analyzes whether the captured data contains a privacy leak, thereby ensuring the security of mobile application software.
The above is only a preferred embodiment of the present invention. It should be noted that, for a person of ordinary skill in the art, various improvements and modifications may be made without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
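Steps 2 and 9 of the working process above (S2, S10 and S11 of the method), as an added example in Python; this is not the patent's code. It parses a decompiled manifest for the declared permissions, scans tshark-style flow records against a small judgment strategy library, and produces the safety or danger report with the privilege-escalation flag. The strategy library, the mapping from each category of personal information to the Android permission assumed to guard it, the manifest and the flow records are all constructed for the example; a real deployment would fill the library from its own policy and feed it the fields exported from tshark.

```python
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed AndroidManifest.xml as recovered in step 2 after decompiling.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.undertest">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="under test"/>
</manifest>
"""

# Pre-defined judgment strategy library (constructed): for each category of
# personal information named in the patent, the permission assumed to guard
# it and a marker pattern that recognises it in a reassembled request payload.
STRATEGY_LIBRARY: Dict[str, Dict[str, object]] = {
    "sms":   {"permission": "android.permission.READ_SMS",
              "pattern": re.compile(r'"sms_body"\s*:')},
    "mms":   {"permission": "android.permission.READ_SMS",
              "pattern": re.compile(r'"mms_parts"\s*:')},
    "audio": {"permission": "android.permission.RECORD_AUDIO",
              "pattern": re.compile(r"Content-Type:\s*audio/", re.I)},
    "video": {"permission": "android.permission.CAMERA",
              "pattern": re.compile(r"Content-Type:\s*video/", re.I)},
}

# Constructed flow records in the shape one would export from tshark:
# source, destination, destination port and the reassembled payload text.
DEVICE_IP = "10.0.0.5"
SAMPLE_FLOWS: List[Dict[str, object]] = [
    {"src": DEVICE_IP, "dst": "203.0.113.7", "dport": 443,
     "payload": "GET /ping HTTP/1.1\r\nHost: 203.0.113.7\r\n\r\n"},
    {"src": DEVICE_IP, "dst": "203.0.113.7", "dport": 80,
     "payload": "POST /sync HTTP/1.1\r\nHost: 203.0.113.7\r\n\r\n"
                '{"device": "x", "sms_body": "your code is 123456"}'},
    {"src": DEVICE_IP, "dst": "198.51.100.9", "dport": 8080,
     "payload": "POST /media HTTP/1.1\r\nContent-Type: video/mp4\r\n\r\n....ftyp"},
    {"src": "203.0.113.7", "dst": DEVICE_IP, "dport": 43222,
     "payload": "HTTP/1.1 200 OK\r\n\r\n"},          # inbound, never a leak
]


def manifest_permissions(xml_text: str) -> Set[str]:
    """Step 2: the permissions the application declares for itself."""
    root = ET.fromstring(xml_text)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def find_leaks(flows: List[Dict[str, object]], device_ip: str) -> List[Dict[str, str]]:
    """S10: which categories of personal information left the device, and to where."""
    leaks: List[Dict[str, str]] = []
    for flow in flows:
        if flow["src"] != device_ip:
            continue                  # only outbound traffic can carry local data out
        for category, rule in STRATEGY_LIBRARY.items():
            if rule["pattern"].search(str(flow["payload"])):
                leaks.append({"category": category,
                              "dst": f'{flow["dst"]}:{flow["dport"]}'})
    return leaks


def judge(leaks: List[Dict[str, str]], permissions: Set[str]) -> Dict[str, object]:
    """S10/S11: safety report when nothing leaked, otherwise a danger report.
    A leaked category whose guarding permission is absent from the manifest
    is inconsistent with the declared permissions, so internal privilege
    escalation is suspected."""
    if not leaks:
        return {"verdict": "safe", "leaks": [], "privilege_escalation_suspected": False}
    undeclared = sorted({leak["category"] for leak in leaks
                         if STRATEGY_LIBRARY[leak["category"]]["permission"] not in permissions})
    return {"verdict": "danger", "leaks": leaks,
            "privilege_escalation_suspected": bool(undeclared),
            "undeclared_categories": undeclared}


if __name__ == "__main__":
    perms = manifest_permissions(SAMPLE_MANIFEST)
    report = judge(find_leaks(SAMPLE_FLOWS, DEVICE_IP), perms)
    print(report)
```

The marker patterns are deliberately the weak point to tune: payloads sent over TLS are opaque to tshark unless the session keys are logged, so in practice the library is run over the decrypted or plaintext flows only, and a flow that cannot be inspected should be reported as unknown rather than safe.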

Claims (5)

1. A method of Network Data Control based on the Android platform, characterized in that it comprises the following steps:
S1: the system starts, and extracts the basic information of the application package and the IP address of the device on which the application is to be installed;
S2: decompile and disassemble the application package, parse the AndroidManifest.xml file obtained after decompiling, and obtain all the permissions of the application;
S3: detect whether the application is already installed on the device;
S4: if the application is installed, first uninstall it, then install and start it; if it is not installed, install and start it;
S5: detect whether the application has started successfully; if it has, jump to S6; if the detection times out without a successful start being detected, exit abnormally;
S6: obtain the pid of the application from the device's process list after the application has started;
S7: obtain the uid by reading the /proc/pid/cgroup file inside the device;
S8: parse and inspect the /proc/net/tcp file and the /proc/net/tcp6 file, analyze the entries that contain the uid, and extract the port numbers without repetition;
S9: on the Android side, capture the network traffic packets of the port numbers and the IP address;
S10: on the PC side, parse the captured network traffic packets and detect whether, within a certain time after starting on the device, the application transmits the user's personal information to a remote server; if it does not, exit the system and submit a safety report; if it does, jump to S11;
S11: detect whether the permission corresponding to the user information is consistent with the application's own permissions in AndroidManifest.xml; if consistent, exit the system and submit a danger report; if inconsistent, the application may contain internal privilege-escalation code, so exit the system and submit a danger report.
2. The method of Network Data Control based on the Android platform according to claim 1, characterized in that the basic information of the application package in S1 includes the package name, the launch activity and the version number.
3. The method of Network Data Control based on the Android platform according to claim 1, characterized in that in S5, whether the application has started successfully is detected by looping a finite number of times.
4. The method of Network Data Control based on the Android platform according to claim 1, characterized in that in S9, the network traffic packets of the port numbers and the IP address are captured by the tcpdump tool on the Android side.
5. The method of Network Data Control based on the Android platform according to claim 1, characterized in that in S10, the captured traffic packets are parsed by the tshark tool on the PC side.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610262516.2A CN105871657B (en) 2016-04-25 2016-04-25 A kind of Network Data Control system and method based on Android platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610262516.2A CN105871657B (en) 2016-04-25 2016-04-25 A kind of Network Data Control system and method based on Android platform

Publications (2)

Publication Number Publication Date
CN105871657A CN105871657A (en) 2016-08-17
CN105871657B true CN105871657B (en) 2019-08-30

Family

ID=56629264

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610262516.2A Expired - Fee Related CN105871657B (en) 2016-04-25 2016-04-25 A kind of Network Data Control system and method based on Android platform

Country Status (1)

Country Link
CN (1) CN105871657B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108280343B (en) * 2017-01-06 2021-04-09 阿里巴巴(中国)有限公司 Method, device and system for detecting application security in android environment
CN107579995A (en) * 2017-09-30 2018-01-12 北京奇虎科技有限公司 The network protection method and device of onboard system
CN111147423A (en) * 2018-11-02 2020-05-12 千寻位置网络有限公司 Risk sensing method and device and monitoring system
CN110113325A (en) * 2019-04-25 2019-08-09 成都卫士通信息产业股份有限公司 Network Data Control method, apparatus and storage medium based on third party SDK
CN110519293A (en) * 2019-09-10 2019-11-29 北京锐安科技有限公司 A kind of message test method, device, equipment and storage medium
CN111988239B (en) * 2020-08-21 2022-07-15 哈尔滨工业大学 Method for acquiring pure software flow for Android application

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103327183A (en) * 2013-06-13 2013-09-25 中国科学院信息工程研究所 Black box protecting method and system for private data of Android user based on tag
CN104462970A (en) * 2014-12-17 2015-03-25 中国科学院软件研究所 Android application program permission abuse detecting method based on process communication

Also Published As

Publication number Publication date
CN105871657A (en) 2016-08-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100094 Beijing Haidian District, Northwest Wangzhen Baiwang Innovation Science Park Yongjie South Road, No. 2 Building, No. 3, 3443

Applicant after: BEIJING CORALSEC TECHNOLOGY CO., LTD.

Address before: Room 1105, Building No. 18-2, Suzhou Street, Haidian District, Beijing 100080

Applicant before: BEIJING CORALSEC TECHNOLOGY CO., LTD.

GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190830

Termination date: 20210425