CN106713246B - A kind of detection method, device and mobile terminal that the application program page is kidnapped - Google Patents
A kind of detection method, device and mobile terminal that the application program page is kidnapped Download PDFInfo
- Publication number
- CN106713246B CN106713246B CN201510790695.2A CN201510790695A CN106713246B CN 106713246 B CN106713246 B CN 106713246B CN 201510790695 A CN201510790695 A CN 201510790695A CN 106713246 B CN106713246 B CN 106713246B
- Authority
- CN
- China
- Prior art keywords
- page
- target pages
- application program
- information
- pages
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Navigation (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention provides detection method, device and mobile terminals that a kind of application program page is kidnapped, it is related to the communications field, the abduction page can not effectively be detected by solving the prior art, efficiency it is lower and influence application program operational efficiency the problem of, this method comprises: in the operation of the first application program, if the first application program is shown in the target pages of front end and the page being active is the same or similar page, the packet name information of target pages is then extracted, the page being active is the page that will be shown in the first application program;According to the packet name information of target pages, determine whether target pages are to kidnap the page or the suspicious abduction page;If target pages are the suspicious abduction page, characteristic information is applied according to the packet name information extraction target pages of target pages;Characteristic information is applied according to target pages, determines whether target pages are to kidnap the page.The solution of the present invention effectively realizes the detection to the page is kidnapped, and improves accuracy and detection efficiency.
Description
Technical field
The present invention relates to the communications field, in particular to detection method, device and movement that a kind of application program page is kidnapped
Terminal.
Background technique
With intelligent mobile terminal explosive increase, intelligent mobile terminal is faced, and security issues become increasingly urgent, such as dislikes
Meaning software, harassing call, refuse messages, privacy is stolen, Pagejack is gone fishing, and is not only damaged the interests of users
The business lost, while seriously affecting company is carried out and brand image.
With the rapid development of mobile terminal internet, intelligent mobile terminal increases, the rogue program on mobile terminal
Code threat also gradually increases.At present user paid by intelligent mobile terminal APP (Application, application program),
It transfers accounts more and more common, but when user is using these APP needs to input the sensitive informations such as account, password, this allows for malice journey
When the interface APP that the counterfeit abduction user of sequence uses, a same interface can be forged, ordinary user can not identify at all
It is true and false.When user is after forging interface input account, password, rogue program quiet can be uploaded to user information
Rogue program server to steal the sensitive informations such as the account of user, password, identity information, or even can inveigle user to use
The page of personation carries out the operation such as transfer accounts, and the interests of user is caused to be lost.
It is directed to the detection method of intelligent mobile terminal APP Pagejack at present, the means mainly used are that judgement is extracted
The characteristic information of the page whether there is in the white and black list constructed in advance, according to judging result, determine in the APP page
Whether it is held as a hostage.Such as, when target pages are shown in screen front end, the feature for being currently at the page of front end state is obtained
Information;According to acquired characteristic information, whether the page that front end state is currently at described in judgement meets preset safety
Feature;If it is not, then there are Pagejack risks for the system of determination.
Above scheme can directly pass through the side of expansion system function under the premise of not changing operating system mechanism
Formula is realized, is realized simple and convenient.But the page of the page and original APP of rogue program personation at present is almost the same, or even can
It is consistent with the feature of original APP page so as to cause the abduction page of rogue program directly to replicate the page of original APP, nothing
Method is identified by way of aspect ratio pair.Meanwhile target pages feature needs are compared with all APP page features,
For this large-scale application more for the page, the operational efficiency of APP will have a direct impact on, and the efficiency of Pagejack detection is same
It is lower.There is also can not construct blacklist library complete or collected works.
Summary of the invention
The technical problem to be solved in the present invention is to provide detection method, device and movements that a kind of application program page is kidnapped
Terminal, the abduction page can not effectively be detected by solving the prior art, and efficiency is lower, and the problem of will affect APP operational efficiency.
In order to solve the above technical problems, the embodiment of the present invention provides a kind of detection method that the application program page is kidnapped,
Include:
In the operation of the first application program, if first application program is shown in the target pages of front end and in sharp
The page of state living is same page or similar pages, then extracts the packet name information of the target pages, described in activation shape
The page of state is the page that will be shown in first application program;
According to the packet name information of the target pages, determine whether the target pages are to kidnap the page or suspicious abduction
The page;
If the target pages are the suspicious abduction page, according to target described in the packet name information extraction of the target pages
The page applies characteristic information;
Characteristic information is applied according to the target pages, determines whether the target pages are to kidnap the page.
Wherein, the packet name information according to the target pages, determine the target pages whether be kidnap the page or
The suspicious abduction page of person, comprising:
The packet name information of the target pages is compared with the packet name information of first application program;
If the packet name information of the target pages is consistent with the packet name information of first application program, it is determined that the mesh
The mark page is the suspicious abduction page, otherwise, it determines the target pages are to kidnap the page.
Wherein, described to apply characteristic information according to the target pages, determine whether the target pages are to kidnap page
Face, comprising:
By being compared using characteristic information with the application characteristic information of first application program for the target pages;
If the target pages is inconsistent using characteristic information and the application characteristic information of first application program,
The target pages are determined to kidnap the page, otherwise, it determines the target pages are the original page of the first application program.
Wherein, the application characteristic information packet of target pages described in the packet name information extraction according to the target pages
It includes:
The progress information and/or number card of the target pages are reversely extracted according to the packet name information of the target pages
Book.
Wherein, if first application program is shown in the target pages of front end and the page being active
For same page or similar pages, then before the packet name information for extracting the target pages, the detection method further include:
Extract the page feature information of the target pages, and by the page feature information of the target pages and the place
It is compared in the page feature information of the page of state of activation, the page feature information includes at least one page feature;
If having at least one page feature in the page feature information of the target pages and described being active
The page feature of the page is consistent, it is determined that the target pages and the page that is active is same pages;
If having at least one page feature in the page feature information of the target pages and described being active
The page feature of the page is similar features, it is determined that the target pages and the page that is active is similar pages.
Wherein, the page feature information for extracting the target pages, and the page feature of the target pages is believed
Before breath is compared with the page feature information of the page being active, the detection method further include:
It extracts the page feature information of all pages of the first application program and is saved, the page feature information
One or more of packet name, layout, color, control title and content of pages including the page.
Wherein, the page feature information for extracting the target pages, and the page feature of the target pages is believed
Before breath is compared with the page feature information of the page being active, the detection method further include:
By the state for the page that will be shown in first application program set state of activation, it is described to show
The page that the page is the page that first application program is being called or will be entered by returning to function.
In order to solve the above technical problems, the embodiment of the present invention also provides a kind of detection dress that the application program page is kidnapped
It sets, comprising:
First extraction module is used in the operation of the first application program, if first application program is shown in front end
Target pages and the page that is active be same page or similar pages, then extract the Bao Mingxin of the target pages
Breath, the page being active are the page that will be shown in first application program;
First determining module determines whether the target pages are misfortune for the packet name information according to the target pages
Hold the page or the suspicious abduction page;
Second extraction module, if being the suspicious abduction page for the target pages, according to the packet of the target pages
Target pages described in name information extraction apply characteristic information;
Whether second determining module determines the target pages for applying characteristic information according to the target pages
To kidnap the page.
Wherein, first determining module includes:
First comparing unit, for by the packet name information of the packet name information of the target pages and first application program
It is compared;
First determination unit, if for the packet name information of the target pages and the packet name information of first application program
Unanimously, it is determined that the target pages are the suspicious abduction page, otherwise, it determines the target pages are to kidnap the page.
Wherein, second determining module includes:
Second comparing unit, for by the application using characteristic information and first application program of the target pages
Characteristic information is compared;
Second determination unit, if the application using characteristic information and first application program for the target pages
Characteristic information is inconsistent, it is determined that the target pages are to kidnap the page, otherwise, it determines the target pages are answered for described first
With the original page of program.
Wherein, second extraction module includes:
First extraction unit reversely extracts the process of the target pages for the packet name information according to the target pages
Information and/or digital certificate.
Wherein, the detection device further include:
Third extraction module, for extracting the page feature information of the target pages, and by the page of the target pages
Region feature information is compared with the page feature information of the page being active, and the page feature information includes
At least one page feature;
Third determining module, if for having at least one page feature and institute in the page feature information of the target pages
The page feature for stating the page being active is consistent, it is determined that the target pages are with the page that is active
Same page;
4th determining module, if for having at least one page feature and institute in the page feature information of the target pages
The page feature for stating the page being active is similar features, it is determined that the target pages are active with described
The page is similar pages.
Wherein, the detection device further include:
4th extraction module, for extracting the page feature information of all pages of the first application program and being protected
It deposits, the page feature information includes one or more of packet name, layout, color, control title and content of pages of the page.
Wherein, the detection device further include:
Setup module, for setting state of activation for the state for the page that will be shown in first application program,
The page that the page that will be shown is the page that first application program is being called or will be entered by returning to function
Face.
In order to solve the above technical problems, the embodiment of the present invention also provides a kind of mobile terminal, comprising: answer as described above
With the detection device of program Pagejack.
Above-mentioned technical proposal has the beneficial effect that:
The detection method that the application program page of the embodiment of the present invention is kidnapped, first when the first application program is run, if
First application program be shown in front end target pages and the page being active be same page or similar pages, then
The packet name information of target pages is extracted, wherein the page being active is the page that will be shown in the first application program;
Then according to the packet name information of target pages, determine whether target pages are to kidnap the page or the suspicious abduction page;If page object
Face is the suspicious abduction page, then applies characteristic information according to the registration information extraction target pages of target pages, and according to mesh
That marks the page applies characteristic information, determines whether target pages are to kidnap the page.This method is by reversely extracting target pages
Using characteristic information, it can effectively realize the detection that target pages are kidnapped with situation, improve the accuracy and detection efficiency of detection,
The abduction page can not effectively be detected by solving the prior art, and efficiency is lower, and the problem of will affect APP operational efficiency.
Detailed description of the invention
Fig. 1 is the detection method flow chart that the application program page of the present invention is kidnapped;
Fig. 2 is the flow chart for one specific embodiment of detection method that the application program page of the present invention is kidnapped;
Fig. 3 is the structural schematic diagram for the detection device that the application program page of the present invention is kidnapped.
Specific embodiment
To keep the technical problem to be solved in the present invention, technical solution and advantage clearer, below in conjunction with attached drawing and tool
Body embodiment is described in detail.
As shown in Figure 1, the detection method that a kind of application program page of the embodiment of the present invention is kidnapped, comprising:
Step 101, when the first application program is run, if first application program is shown in the target pages of front end
It is same page or similar pages with the page being active, then extracts the packet name information of the target pages, the place
In the page of state of activation be the page that will show in first application program.
Here, if be shown in front end target pages and the page being active be same page or similar page
Face, then the target pages are likely to be the page being held as a hostage, and need further to detect target pages by following step.
Step 102, according to the packet name information of the target pages, determine the target pages whether be kidnap the page or
The suspicious abduction page.
Step 103, if the target pages are the suspicious abduction page, according to the packet name information extraction of the target pages
The target pages apply characteristic information.
Step 104, characteristic information is applied according to the target pages, determines whether the target pages are to kidnap page
Face.
Here, by reversely extracting the application characteristic information of target pages, it can effectively determine whether target pages are abduction
The page.
The detection method that the application program page of the embodiment of the present invention is kidnapped, first when the first application program is run, if
First application program be shown in front end target pages and the page being active be same page or similar pages, then
The packet name information of target pages is extracted, wherein the page being active is the page that will be shown in the first application program;
Then according to the packet name information of target pages, determine whether target pages are to kidnap the page or the suspicious abduction page;If page object
Face is the suspicious abduction page, then applies characteristic information according to the registration information extraction target pages of target pages, and according to mesh
That marks the page applies characteristic information, determines whether target pages are to kidnap the page.This method is by reversely extracting target pages
Using characteristic information, it can effectively realize the detection that target pages are kidnapped with situation, improve the accuracy and detection efficiency of detection,
The abduction page can not effectively be detected by solving the prior art, and efficiency is lower, and the problem of will affect APP operational efficiency.
Preferably, the step of above-mentioned steps 102 may include:
Step 1021, the packet name information of the target pages and the packet name information of first application program are compared
It is right;
Step 1022, if the packet name information of the target pages is consistent with the packet name information of first application program,
Determine that the target pages are the suspicious abduction page, otherwise, it determines the target pages are to kidnap the page.
Here, the packet name information of all pages of the first application program should be with the packet name of currently running first application program
Unanimously, if the packet name information of target pages and the packet name information of the first application program are inconsistent, it can determine that the target pages are
The abduction page of forgery;If the packet name information of target pages is consistent with the packet name information of the first application program, it is likely that be mesh
The mark page replicates the original page of the first application program completely, it is thus determined that target pages are the suspicious abduction page, needs to mesh
The mark page is further detected.
At this point, by the way that the packet name information of target pages to be compared with the packet name information of the first application program, it can be into one
Whether step detection target pages are to kidnap the page, ensure that the accuracy and validity of detection, improve detection efficiency.
Preferably, the step of above-mentioned steps 104 may include:
Step 1041, by the application characteristic information using characteristic information and first application program of the target pages
It is compared;
Step 1042, if the application characteristic information using characteristic information and first application program of the target pages
It is inconsistent, it is determined that the target pages are to kidnap the page, otherwise, it determines the target pages are that first application program is former
There is the page.
Here, the application characteristic information of all pages of the first application program also should be with currently running first application program
Application characteristic information it is consistent, if target pages application characteristic information and the first application program it is inconsistent, can determine target
The page is to kidnap the page;If target pages apply characteristic information and the first application-consistent, cannot be complete because kidnapping the page
The full duplication page applies characteristic information, therefore can determine that target pages are the original page of the first application program.
At this point, it is consistent in the packet name information of target pages and the packet name information of the first application program, determine that target pages are
When the suspicious abduction page, by the way that target pages are further using the application characteristic information of characteristic information and the first application program
It is compared, can effectively detect whether target pages are to kidnap the page, ensure that the accuracy and validity of detection, improve inspection
Survey efficiency.
Specifically, the step of above-mentioned steps 103, may include:
The progress information and/or number card of the target pages are reversely extracted according to the packet name information of the target pages
Book.
At this point, the progress information and/or digital certificate of target pages can be reversely extracted according to the packet name information of target pages,
To can effectively determine mesh by the way that the progress information of target pages and/or digital certificate to be compared with the first application program
Whether the mark page is to kidnap the page, improves the accuracy of detection.
Wherein, in Android Android device, APK store path in/data/app ,/system/app and/
Tri- files of system/priv-app are each provided with read right to arbitrary user, do not need system permission and can read to answer
Use relevant information.
Certain APK is in/data/app, and the progress information of/system/app and/tri- files of system/priv-app is such as
Shown in lower:
ls-al/data/app
-rw-r--r--system system 7376902 1970-01-13 14:07 NewsArticle-3.6.apk
-rw-r--r--system system 10317590 1970-01-13 14:07 cleanmaster.apk
-rw-r--r--system system 13857237 2015-04-30 14:07
com.ali.money.shield-
2.apk
ls-al/system/app
-rw-r--r--root root 18938 2015-04-23 09:56 AntHalService.apk
-rw-r--r--root root 585808 2015-04-23 09:56 Antispam.apk
-rw-r--r--root root 16361 2015-04-23 09:56 ApplicationsProvider.apk
ls-al/system/priv-app
-rw-r--r--root root 1473168 2015-04-23 09:56 AuthManager.apk
-rw-r--r--root root 428407 2015-04-23 09:56 Backup.apk
-rw-r--r--root root 15674 2015-04-23 09:56
BackupRestoreConfirmation.apk
At this point, the progress information of the APK can directly be read in three files.
Certainly, other are not provided with the system equipment of read right, is read again after system permission can be obtained using related letter
Breath.
Preferably, before above-mentioned steps 101, the detection method can also include:
Step 1001, the page feature information of the target pages is extracted, and the page feature of the target pages is believed
Breath is compared with the page feature information of the page being active, and the page feature information includes at least one
Page feature;
Step 1002, if thering is at least one page feature and described be in swash in the page feature information of the target pages
The page feature of the page of state living is consistent, it is determined that the target pages and the page that is active is same pages
Face;
Step 1003, if thering is at least one page feature and described be in swash in the page feature information of the target pages
The page feature of the page of state living is similar features, it is determined that the target pages are phase with the page that is active
Like the page.
At this point, be compared by the page feature information for obtaining target pages with the page feature being active,
Can effectively detect whether current page is same page or similar pages with the page being active, to judge page object
Whether face may be the abduction page, further to be detected when target pages may be to kidnap the page to target pages.Its
In, when it is same page or similar pages that target pages are with the page being active, target pages, which are likely to be, is robbed
The page held.
Further, the page feature information for extracting the page for convenience, before above-mentioned steps 1001, the detection method
Can also include:
Step 1004, it extracts the page feature information of all pages of the first application program and is saved, the page
Region feature information includes one or more of packet name, layout, color, control title and content of pages of the page.
At this point, by the page feature information for extracting all pages of the first application program in advance and being saved, facilitate
Subsequent step improves treatment effeciency to optimize processing mode to the extraction and calling of page feature information.
Specifically, can save the page feature information of extraction in a manner of following table, feature database is formed, with side
Just it extracts and calls:
| The page | Page feature information |
| The page 1 | Feature 1, feature 2, feature 3 ... |
| The page 2 | Feature 1, feature 2, feature 3 ... |
| The page 3 | Feature 1, feature 2, feature 3 ... |
| The page 4 | Feature 1, feature 2, feature 3 ... |
| .... | .... |
Preferably, before above-mentioned steps 1001, the detection method can also include:
Step 1005, state of activation is set by the state for the page that will be shown in first application program, it is described
The page that the page that will be shown is the page that first application program is being called or will be entered by returning to function.
Here, can be by the page that the first application program is being called or the page setup that will be entered by returning to function
State of activation, other page setups are frozen state, facilitate differentiation and the extraction to the state of activation page.For example, the page 1 calls
The page 2, the page 2 are displayed on foremost, and the state that the page 2 is arranged at this time is state of activation, and the state of other pages is to freeze
Knot state.
At this point, being state of activation by the page status that setting will be shown in advance, facilitate subsequent to state of activation page
The extraction and calling in face improve treatment effeciency to advanced optimize processing mode.
A specific implementation embodiment of the invention is illustrated below below:
As shown in Fig. 2, the detection method that the application program page of the embodiment of the present invention is kidnapped, comprising:
Step 201, it extracts the page feature information of all pages of the first application program and is saved, form feature database.
Here, the page feature information of extraction includes packet name, layout, color, control title and content of pages of the page etc..
Step 202, state of activation is set by the state for the page that will be shown in the first application program, i.e., by display
The page refers to the page that the first application program is being called or will entered by returning to function.
Step 203, in the first application program operation phase, the page for the target pages that each is shown in front end is extracted
Characteristic information is compared with the page feature information for the page being active.
Step 204, whether the comparison result for judging above-mentioned steps 203 is that target pages are with the page being active
Same page or similar pages.
Step 205, if the judging result of above-mentioned steps 204 be it is yes, that extracts target pages applies packet name information, and jumps
Go to step 207.
Here, if the page for having at least one page feature in the page feature information of target pages and being active
It is consistent or similar, it is determined that target pages are same page or similar pages with the page is active.
Step 206, if the judging result of above-mentioned steps 204 is no, it is determined that target pages are that the first application program is original
The page does not find Pagejack, terminates detection.
Step 207, being compared with the packet name information of the first application program using packet name information by target pages.
Step 208, whether the comparison result for judging above-mentioned steps 207 is answering using packet name information with first for target pages
It is consistent with the packet name information of program.
Step 209, if the judging result of above-mentioned steps 208 is yes, it is determined that target pages are the suspicious abduction page, and are jumped
Go to step 211.
Step 210, if the judging result of above-mentioned steps 208 is no, it is determined that target pages are to kidnap the page, terminate inspection
It surveys.
Step 211, characteristic information is applied according to what the packet name information of target pages reversely extracted target pages, and by target
The page is compared using characteristic information with the application characteristic information of the first application program.
It here, include progress information, digital certificate etc. using characteristic information.
Step 212, whether the comparison result for judging above-mentioned steps 211 is answering using characteristic information with first for target pages
It is consistent with program.
Step 213, if the judging result of above-mentioned steps 212 is no, it is determined that target pages are to kidnap the page, terminate inspection
It surveys.
Step 214, if the judging result of above-mentioned steps 212 is yes, it is determined that target pages are that the first application program is original
The page does not find Pagejack, terminates detection.
The detection method that the application program page of the embodiment of the present invention is kidnapped, it is special by the application for reversely extracting target pages
Reference breath, can effectively realize the detection that target pages are kidnapped with situation, improve the accuracy and detection efficiency of detection, solve
The prior art can not effectively detect the abduction page, and efficiency is lower, and the problem of will affect APP operational efficiency.
As shown in figure 3, the embodiment of the present invention also provides a kind of detection device that the application program page is kidnapped, comprising:
First extraction module is used in the operation of the first application program, if first application program is shown in front end
Target pages and the page that is active be same page or similar pages, then extract the Bao Mingxin of the target pages
Breath, the page being active are the page that will be shown in first application program;
First determining module determines whether the target pages are misfortune for the packet name information according to the target pages
Hold the page or the suspicious abduction page;
Second extraction module, if being the suspicious abduction page for the target pages, according to the packet of the target pages
Target pages described in name information extraction apply characteristic information;
Whether second determining module determines the target pages for applying characteristic information according to the target pages
To kidnap the page.
The detection device that the application program page of the embodiment of the present invention is kidnapped, it is special by the application for reversely extracting target pages
Reference breath, can effectively realize the detection that target pages are kidnapped with situation, improve the accuracy and detection efficiency of detection, solve
The prior art can not effectively detect the abduction page, and efficiency is lower, and the problem of will affect APP operational efficiency.
Preferably, first determining module may include:
First comparing unit, for by the packet name information of the packet name information of the target pages and first application program
It is compared;
First determination unit, if for the packet name information of the target pages and the packet name information of first application program
Unanimously, it is determined that the target pages are the suspicious abduction page, otherwise, it determines the target pages are to kidnap the page.
Preferably, second determining module may include:
Second comparing unit, for by the application using characteristic information and first application program of the target pages
Characteristic information is compared;
Second determination unit, if the application using characteristic information and first application program for the target pages
Characteristic information is inconsistent, it is determined that the target pages are to kidnap the page, otherwise, it determines the target pages are answered for described first
With the original page of program.
Preferably, second extraction module may include:
First extraction unit reversely extracts the process of the target pages for the packet name information according to the target pages
Information and/or digital certificate.
Further, the detection device can also include:
Third extraction module, for extracting the page feature information of the target pages, and by the page of the target pages
Region feature information is compared with the page feature information of the page being active, and the page feature information includes
At least one page feature;
Third determining module, if for having at least one page feature and institute in the page feature information of the target pages
The page feature for stating the page being active is consistent, it is determined that the target pages are with the page that is active
Same page;
4th determining module, if for having at least one page feature and institute in the page feature information of the target pages
The page feature for stating the page being active is similar features, it is determined that the target pages are active with described
The page is similar pages.
Further, the detection device can also include:
4th extraction module, for extracting the page feature information of all pages of the first application program and being protected
It deposits, the page feature information includes one or more of packet name, layout, color, control title and content of pages of the page.
Further, the detection device can also include:
Setup module, for setting state of activation for the state for the page that will be shown in first application program,
The page that the page that will be shown is the page that first application program is being called or will be entered by returning to function
Face.
The detection device that the application program page of the embodiment of the present invention is kidnapped, it is special by the application for reversely extracting target pages
Reference breath, can effectively realize the detection that target pages are kidnapped with situation, improve the accuracy and detection efficiency of detection, solve
The prior art can not effectively detect the abduction page, and efficiency is lower, and the problem of will affect APP operational efficiency.
It should be noted that the detection device that the application program page is kidnapped is the side with the positioning of above-mentioned realization electronic equipment
The corresponding device of method, wherein all implementations also can suitable for the embodiment of the device in above method embodiment
Reach same technical effect.
Since the detection device that the application program page of the embodiment of the present invention is kidnapped is applied to mobile terminal, this hair
Bright embodiment additionally provides a kind of mobile terminal, comprising: the detection kidnapped such as the above-mentioned application program page as described in the examples
Device.Wherein, the realization embodiment for the detection device that the above-mentioned application program page is kidnapped is suitable for the mobile terminal
In embodiment, it can also reach identical technical effect.Mobile terminal of the invention such as can be the mobile electricity of mobile phone, tablet computer
Sub- equipment.
The above is a preferred embodiment of the present invention, it is noted that for those skilled in the art
For, without departing from the principles of the present invention, it can also make several improvements and retouch, these improvements and modifications
It should be regarded as protection scope of the present invention.
Claims (13)
1. the detection method that a kind of application program page is kidnapped characterized by comprising
In the operation of the first application program, if first application program is shown in the target pages of front end and in activation shape
The page of state is same page or similar pages, then extract the packet name information of the target pages, described to be active
The page is the page that will be shown in first application program;
According to the packet name information of the target pages, determine whether the target pages are to kidnap the page or suspicious abduction page
Face, comprising: the packet name information of the target pages is compared with the packet name information of first application program;If the mesh
The packet name information for marking the page is consistent with the packet name information of first application program, it is determined that the target pages are suspicious abduction
The page, otherwise, it determines the target pages are to kidnap the page;
If the target pages are the suspicious abduction page, according to target pages described in the packet name information extraction of the target pages
Apply characteristic information;
Characteristic information is applied according to the target pages, determines whether the target pages are to kidnap the page.
2. detection method according to claim 1, which is characterized in that described to be believed according to the application feature of the target pages
Breath determines whether the target pages are to kidnap the page, comprising:
By being compared using characteristic information with the application characteristic information of first application program for the target pages;
If the target pages is inconsistent using characteristic information and the application characteristic information of first application program, it is determined that
The target pages are to kidnap the page, otherwise, it determines the target pages are the original page of the first application program.
3. detection method according to claim 1, which is characterized in that described to be mentioned according to the packet name information of the target pages
Take the target pages includes: using characteristic information
The progress information and/or digital certificate of the target pages are reversely extracted according to the packet name information of the target pages.
4. detection method according to claim 1, which is characterized in that if before first application program is shown in most
The target pages at end are same page or similar pages with the page being active, then extract the packet name of the target pages
Before information, the detection method further include:
The page feature information of the target pages is extracted, and the page feature information of the target pages and described be in are swashed
The page feature information of the page of state living is compared, and the page feature information includes at least one page feature;
If having at least one page feature and the page being active in the page feature information of the target pages
Page feature it is consistent, it is determined that the target pages and it is described be active the page be same page;
If having at least one page feature and the page being active in the page feature information of the target pages
Page feature be similar features, it is determined that the target pages and it is described be active the page be similar pages.
5. detection method according to claim 4, which is characterized in that the page feature letter for extracting the target pages
Breath, and the page feature information of the target pages and the page feature information of the page being active are compared
To before, the detection method further include:
It extracts the page feature information of all pages of the first application program and is saved, the page feature information includes
One or more of packet name, layout, color, control title and content of pages of the page.
6. detection method according to claim 4, which is characterized in that the page feature letter for extracting the target pages
Breath, and the page feature information of the target pages and the page feature information of the page being active are compared
To before, the detection method further include:
State of activation, the page that will be shown are set by the state for the page that will be shown in first application program
The page called for first application program or the page that will be entered by returning to function.
7. the detection device that a kind of application program page is kidnapped characterized by comprising
First extraction module is used in the operation of the first application program, if first application program is shown in the mesh of front end
The mark page is same page or similar pages with the page being active, then extracts the packet name information of the target pages,
The page being active is the page that will be shown in first application program;
First determining module determines whether the target pages are to kidnap page for the packet name information according to the target pages
Face or the suspicious abduction page;
Second extraction module, if being the suspicious abduction page for the target pages, according to the Bao Mingxin of the target pages
The breath extraction target pages apply characteristic information;
Second determining module determines whether the target pages are misfortune for applying characteristic information according to the target pages
Hold the page;
First determining module includes:
First comparing unit, for carrying out the packet name information of the packet name information of the target pages and first application program
It compares;
First determination unit, if for the packet name information of the target pages and the packet name information one of first application program
It causes, it is determined that the target pages are the suspicious abduction page, otherwise, it determines the target pages are to kidnap the page.
8. detection device according to claim 7, which is characterized in that second determining module includes:
Second comparing unit, for by the application feature using characteristic information and first application program of the target pages
Information is compared;
Second determination unit, if the application feature using characteristic information and first application program for the target pages
Information is inconsistent, it is determined that the target pages are to kidnap the page, otherwise, it determines the target pages are described first using journey
The original page of sequence.
9. detection device according to claim 7, which is characterized in that second extraction module includes:
First extraction unit reversely extracts the progress information of the target pages for the packet name information according to the target pages
And/or digital certificate.
10. detection device according to claim 7, which is characterized in that the detection device further include:
Third extraction module, for extracting the page feature information of the target pages, and the page of the target pages is special
Reference breath is compared with the page feature information of the page being active, and the page feature information includes at least
A kind of page feature;
Third determining module, if for having at least one page feature and the place in the page feature information of the target pages
It is consistent in the page feature of the page of state of activation, it is determined that the target pages are identical with the page that is active
The page;
4th determining module, if for having at least one page feature and the place in the page feature information of the target pages
In the page feature of the page of state of activation be similar features, it is determined that the target pages and described be active the page
For similar pages.
11. detection device according to claim 10, which is characterized in that the detection device further include:
4th extraction module, for extracting the page feature information of all pages of the first application program and being saved, institute
State one or more of packet name, layout, color, control title and the content of pages that page feature information includes the page.
12. detection device according to claim 10, which is characterized in that the detection device further include:
Setup module, it is described for setting state of activation for the state for the page that will be shown in first application program
The page that the page that will be shown is the page that first application program is being called or will be entered by returning to function.
13. a kind of mobile terminal characterized by comprising apply journey as claim 7- claim 12 is described in any item
The detection device of sequence Pagejack.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510790695.2A CN106713246B (en) | 2015-11-17 | 2015-11-17 | A kind of detection method, device and mobile terminal that the application program page is kidnapped |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510790695.2A CN106713246B (en) | 2015-11-17 | 2015-11-17 | A kind of detection method, device and mobile terminal that the application program page is kidnapped |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106713246A CN106713246A (en) | 2017-05-24 |
| CN106713246B true CN106713246B (en) | 2019-08-13 |
Family
ID=58933326
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510790695.2A Active CN106713246B (en) | 2015-11-17 | 2015-11-17 | A kind of detection method, device and mobile terminal that the application program page is kidnapped |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106713246B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107992745A (en) * | 2017-11-29 | 2018-05-04 | 暨南大学 | Kidnap countermeasure in a kind of interface based on Android platform |
| CN108234469A (en) * | 2017-12-28 | 2018-06-29 | 江苏通付盾信息安全技术有限公司 | Mobile terminal application safety protecting method, apparatus and system |
| CN108108618B (en) * | 2017-12-28 | 2021-05-25 | 中国信息通信研究院 | Application interface detection method and device for counterfeiting attack |
| CN109543407B (en) * | 2018-10-19 | 2024-04-05 | 三六零科技集团有限公司 | Activity hijacking interception method and device |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102082792A (en) * | 2010-12-31 | 2011-06-01 | 成都市华为赛门铁克科技有限公司 | Phishing webpage detection method and device |
| CN102737183B (en) * | 2012-06-12 | 2014-08-13 | 腾讯科技(深圳)有限公司 | Method and device for webpage safety access |
| CN103780659A (en) * | 2012-10-25 | 2014-05-07 | 中国电信股份有限公司 | Method for processing webpage address inputted by mobile subscriber and wireless application protocol gateway |
-
2015
- 2015-11-17 CN CN201510790695.2A patent/CN106713246B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN106713246A (en) | 2017-05-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106713246B (en) | A kind of detection method, device and mobile terminal that the application program page is kidnapped | |
| US11354397B2 (en) | System and method for augmented reality authentication of a user | |
| CN103514438A (en) | Face judgment system and method | |
| CN107798541B (en) | Monitoring method and system for online service | |
| CN106951866A (en) | A kind of face authentication method and device | |
| CN107948199B (en) | Method and device for rapidly detecting terminal shared access | |
| WO2014104694A1 (en) | Authentication server and method using label, and mobile device | |
| US9124623B1 (en) | Systems and methods for detecting scam campaigns | |
| CN105262731B (en) | A kind of identity information verification system based on fingerprint | |
| CN105792152A (en) | Method and device for recognizing pseudo base station short message | |
| CN105227901A (en) | A kind of method for safety monitoring of sensitive information input and device | |
| CN107995170A (en) | Auth method, device, computer equipment and computer-readable recording medium | |
| CN106326835A (en) | Human face data collection statistical system and method for gas station convenience store | |
| CN109145590A (en) | A kind of function hook detection method, detection device and computer-readable medium | |
| CN110619239A (en) | Application interface processing method and device, storage medium and terminal | |
| CN104751086A (en) | Terminal anti-theft method | |
| CN105825104A (en) | Service processing method based on fingerprint recognition and electronic equipment | |
| CN105938546A (en) | Real living identity verification terminal equipment based on infrared technology | |
| CN112307464A (en) | Fraud identification method and device and electronic equipment | |
| CN108090982A (en) | One kind is registered method, system and terminal device | |
| CN108777749B (en) | Fraud call identification method and device | |
| US8478340B1 (en) | Device for and method of detecting SIM card removal and reinsertion | |
| CN104580731B (en) | Display methods, device and the mobile terminal of call interface | |
| CN108154070A (en) | Face identification method and device | |
| CN107085694A (en) | Presentation of information treating method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |