CN106778264A - The application program analysis method and analysis system of a kind of mobile client - Google Patents
The application program analysis method and analysis system of a kind of mobile client Download PDFInfo
- Publication number
- CN106778264A CN106778264A CN201611050413.6A CN201611050413A CN106778264A CN 106778264 A CN106778264 A CN 106778264A CN 201611050413 A CN201611050413 A CN 201611050413A CN 106778264 A CN106778264 A CN 106778264A
- Authority
- CN
- China
- Prior art keywords
- api
- application program
- program
- operating system
- crucial
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses the application program analysis method and analysis system of a kind of mobile client, analysis method includes:Crucial API in the operating system that selected operation application program is called;The source code of the operating system of mobile client is obtained, pitching pile is carried out to crucial API;Application program, the program behavior of records application program are run in an operating system;According to program behavior, analysis result is generated.When analysis method of the invention is run by records application program, program behavior performed during key API in application call operating system, and the program behavior that will be recorded as analysis application program whether safety reference frame, the task amount that the sample huge to data is analyzed can be significantly reduced, the efficiency of application program analysis is improve.
Description
Technical field
The present invention relates to application security technical field, the application program of more particularly to a kind of mobile client is analyzed
Method and analysis system.
Background technology
At present, all to possess video-see, voice call, search etc. various more for the mobile terminal such as smart mobile phone, panel computer
The function of sample, and the realization of these functions then depends on the application program installed on mobile terminals;In current hand
In machine operating platform, the problem that malicious code sample quantity takes place frequently often occurs, conventional is sentenced using artificial conversed analysis
Application program sample cluster of the disconnected sample with the presence or absence of the method for threatening not competent substantial amounts.For substantial amounts, spy
Levy various sample cluster, sample analysis engineer lacks a kind of efficient assistant analysis means, with as far as possible comprehensively triggering and
The monitoring potential behavior of sample, and the application of itself installation is understood with the presence or absence of unsafe acts.
The content of the invention
The technical problems to be solved by the invention are:Application program analysis method and the analysis of a kind of mobile client are provided
System, in the case where program precision of analysis is not influenceed, to improve the efficiency of application program analysis.
The present invention solves the technical scheme that is used of above-mentioned technical problem:
The invention provides a kind of application program analysis method of mobile client, including:Selected operation application program institute
Crucial API in the operating system called;The source code of the operating system of mobile client is obtained, pitching pile is carried out to crucial API;
Application program, the program behavior of records application program are run in operating system;According to program behavior, analysis result is generated.
Further, the process for selecting the crucial API in the operating system that operation application program is called includes:It is determined that should
The program function to be realized in an operating system with program;The program function all api functions to be called are realized in acquisition, are built
That founds api function calls order;According to order is called, key API is selected.
Further, according to order is called, the process for selecting key API includes:According to order is called, all API are determined
Function calls level and each quantity for calling the api function in level;Level is called by each, with previous calling layer
The api function that at least two api functions in level are associated, as crucial API.
Further, according to order is called, the process for selecting key API includes:According to order is called, operating system is determined
In framework layers of all API call level;Using call level most subordinate api function as crucial API.
Further, the source code of the operating system of mobile client is obtained, the process that crucial API carries out pitching pile is included:
Increase the code of printing log at the porch of crucial API or return, for performing output log information during application program;Its
In, log information at least includes:Log marks, the title of key API or mark, process ID, the incoming parameter of key API and return
Parameter.
Further, the source code of the operating system of mobile client is obtained, the process that crucial API carries out pitching pile is also wrapped
Include:Source code is recompilated, the mirror image of operating system is obtained.
Further, application program is run in an operating system, and the process of the program behavior of records application program includes:
Operating system is run in simulator, application program is installed in an operating system;Journey is applied using the control of Code schedule debugging acid
Sequence performs its program function;The log information exported during record configuration processor function, and obtain the program of application program
Bag name.
Further, according to program behavior, the process for generating analysis result includes:All log information of output are screened, really
The log information of fixed correspondence key API;Log information according to crucial API, crucial threat characteristics, generation are matched according to preset rules
Matching result is reported.
Further, all log information of screening output, it is determined that the process of the log information of correspondence key API includes:Look into
The log of all log information is looked for identify, log information of the screening with log marks;The process ID of all log information is obtained, is passed through
Lookup process ID is filtered with corresponding program-package name, it is determined that the log information of correspondence key API.
Present invention also offers a kind of application program analysis system, including:Selected unit, for selected operation application program
Crucial API in the operating system called;Pitching pile unit, the source code of the operating system for obtaining mobile client, to closing
Key API carries out pitching pile;Recording unit, for running application program, the program behavior of records application program in an operating system;Point
Analysis unit, for according to program behavior, generating analysis result.
Further, selected unit is additionally operable to:Determine the program function to be realized in an operating system of application program;Obtain
Take and realize the program function all api functions to be called, that sets up api function calls order;According to order is called, select and close
Key API.
Further, selected unit is additionally operable to:According to order is called, determine all api functions calls level and every
One quantity for calling the api function in level;Level is called by each, with the previous at least two API letters called in level
The associated api function of number, as crucial API.
Further, selected unit is additionally operable to:According to order is called, the institute of framework layers in operating system is determined
There is API's to call level;Using call level most subordinate api function as crucial API.
Further, pitching pile unit is additionally operable to:Increase the code of printing log at the porch of crucial API or return, use
Log information is exported when application program is performed;Wherein, log information at least includes:Log marks, the title of key API or mark,
Process ID, the incoming parameter of key API and return parameters.
Further, pitching pile unit is additionally operable to:Source code is recompilated, the mirror image of operating system is obtained.
Further, recording unit is additionally operable to:Operating system is run in simulator, is installed apply journey in an operating system
Sequence;Its program function is performed using Code schedule debugging acid control application program;Institute during record configuration processor function
The log information of output, and obtain the program-package name of application program.
Further, analytic unit is additionally operable to:All log information of output are screened, it is determined that the log letters of correspondence key API
Breath;Log information according to crucial API, crucial threat characteristics, generation matching result report are matched according to preset rules.
Further, analytic unit is additionally operable to:Search the log marks of all log information, log of the screening with log marks
Information;The process ID of all log information is obtained, is filtered with corresponding program-package name by lookup process ID, it is determined that correspondence is closed
The log information of key API.
The present invention is had an advantageous effect in that using above-mentioned technical proposal:
When analysis method of the invention is run by records application program, key API in application call operating system
When performed program behavior, and the program behavior that will be recorded as analysis application program whether the reference frame of safety, can
To be significantly reduced the task amount that the sample huge to data is analyzed, the efficiency of application program analysis is improve.
Brief description of the drawings
Fig. 1 is the overall flow figure of analysis method in one embodiment of the invention;
Fig. 2 is to call order in one embodiment of the invention and call the schematic diagram of level.
Specific embodiment
Clearly to illustrate the scheme in the present invention, preferred embodiment is given below and is described with reference to the accompanying drawings.With
Under illustrative in nature on be merely exemplary and be not intended to limit the disclosure application or purposes.It should be appreciated that
In whole accompanying drawings, corresponding reference represents identical or corresponding part and feature.
As shown in figure 1, the invention provides a kind of application program analysis method of mobile client, its step includes:
Crucial API in the operating system that S101, selected operation application program are called;Wherein, crucial API is to application
After program is analyzed, for the system AI of follow-up pitching pile;
The source code of S102, the operating system of acquisition mobile client, pitching pile is carried out to crucial API;In the step, can adopt
Pitching pile is carried out to crucial API with conventional pitching pile technology, for example, insert " probe " in the application, by probe come
The characteristic of acquisition program operation;
S103, application program is run in an operating system, the program behavior of records application program;
S104, according to program behavior, generate analysis result.
Different from the flow that conventional method of analysis is analyzed for a large amount of program samples, analysis method of the present invention is by prison
The program behavior of the crucial API that application program operation is called is surveyed and analyzed, sample analysis quantity can be effectively reduced, and can carry
The accuracy of application program analysis high.
In one embodiment of the invention, in above-mentioned steps 101, the operating system that selected operation application program is called
In the process of crucial API include:
Determine the program function to be realized in an operating system of application program;For example, being applied for youku.com, iqiyi.com etc.
Program, its program function is just Online Video is played, local video is played etc., and applies journey for qq music, KuGoo music etc.
Sequence, its program function to be realized is then music;It should be noted that the program work(added with application program itself
Can increase, single application program can realize various different program functions, therefore our crucial API for selecting then will be with
The program function of predictive analysis is adapted, for example, for application programs such as above-mentioned youku.com, iqiyi.coms, can select and regard online
One of them of frequency playing function or local video playing function as predictive analysis program function;Due to same application journey
Association, therefore the key that the present invention is selected during analysis are there may be between distinct program function achieved by sequence
The type and quantity of API need according to actual analysis it needs to be determined that, the invention is not limited in this regard;
The program function all api functions to be called are realized in acquisition, and that sets up api function calls order;Shown in Fig. 2
It is the order of the api function that certain application program is realized in an embodiment program function is called, first at framework layers
The api function of correlation is called, after the api function for completing framework layers is performed, libraries layers of related API letters is called
Number, meanwhile, framework layers and libraries layers also includes multiple api functions, is called by the api function for setting suitable
Sequence, it is common to realize expected program function;
Those skilled in the art can select the crucial API for pitching pile according to order is called.
In one embodiment of the invention, according to order is called, the process for selecting key API includes:
According to order is called, determine all api functions calls level and each number for calling the api function in level
Amount;For example, in the embodiment of Fig. 2, API A, API B and API D are in same level, the level can be named as into most higher level
Or first level, and the API C being associated with API A and API B and the API E that are associated with API D are then in later layer
Level, it is also possible to which the level is named as the second level;Similarly, can be to framework layers and libraries layers other API letters
Level is called in number foundation;
Level is called by each, the api function being associated with previous at least two api functions called in level makees
It is crucial API;For example, in the embodiment of Fig. 2, the API F in third layer level are associated with API C and the API E of previous level
Two functions, then can select the API F for key API.
In another embodiment of the present invention, according to order is called, the process for selecting key API includes:
According to order is called, determine that the framework in operating system layers of all API call level;
Using call level most subordinate api function as crucial API, in the step, the API of the most subordinate for selecting is
API X in the embodiment of direct correlation libraries layers of function, i.e. Fig. 2.
In one embodiment of the invention, the source code of the operating system of mobile client is obtained, crucial API is inserted
The process of stake includes:
Increase the code of printing log at the porch of crucial API or return, log is exported during application program for performing
Information;Wherein, log information at least includes:Log marks, the title of key API or mark, process ID, the incoming ginseng of key API
Number and return parameters.
For example:The crucial API for choosing is in source code mesh:
During modification, at return native_get (key);Preceding following 3 line code of insertion:
Wherein, it is log marks to define GUID, and it is the log information for needing printing to define msg, and printing is performed by Log functions
The function of log information.
By the application program that the operating system of mobile client is installed can all print log information, in order that after pitching pile
The log information that is exported of application program distinguished with the log of other application program, it is therefore desirable to marked with log.
Analysis personnel pass through crucial API Name or mark, it is known that analyzed application program is directly or indirectly used
The approach of the API, and its operation content for performing, such as written document, send network data, read address list etc..
Meanwhile, analysis personnel by the incoming parameter and return parameters of crucial API, can also understand the operation content of API
And operating result, for example, the particular content of the short message that application program is read, performs whether certain sql sentence succeeds.
In one embodiment of the invention, the source code of the operating system of mobile client is obtained, crucial API is inserted
The process of stake also includes:
Source code is recompilated, the mirror image of operating system is obtained;Recompilating source code can obtain being related to operating system mirror image
Data file, such as system.img files;After associated data files are obtained, technical staff can be simulated using operating system
The device load and execution application program, such that it is able to realize the monitoring to application program sample, and by its operation behavior record every
In bar log information.
In one embodiment of the invention, application program, the program line of records application program are run in an operating system
For process include:
Operating system is run in simulator, application program is installed in an operating system;
Its program function is performed using Code schedule debugging acid control application program;Code schedule debugging acid can be with mould
Intend " triggering comprehensively " operation to application program, " triggering comprehensively " refers to simulate people by code instrumentation to operate app, example
Such as slide, click on, each program function module of application program is all performed as far as possible;Application program particularly to be analyzed
In have some behavior needs perform specific operation after could, therefore for avoid omit, it is necessary to using Code schedule debugging work
Tool is simulated operation;For example, when the application program to Android system is analyzed, being carried using Android system
Debugging plan builds analysis environments, and uses Android emulator orders, Android adb orders, avd telnet lives
Order, Android Monkey etc. realize Code schedule debugging acid automated analysis.
The log information exported during record configuration processor function, and obtain the program-package name of application program.
In one embodiment of the invention, according to program behavior, the process for generating analysis result includes:
All log information of output are screened, it is determined that the log information of correspondence key API;In embodiment, log will be labeled with
The log information deletions of mark, log information of the log information that will be identified with log as correspondence key API;
Log information according to crucial API, crucial threat characteristics, generation matching result report are matched according to preset rules;Close
Key threat characteristics refer to record behavior in there is destruction mobile phone safe, threaten the behavior of the malicious operation such as privacy of user, for example:
SQL injection, short message sending sensitive information, equipment manager leak;The purpose of this step is to judge analyzed to analysis personnel
Using whether belong to malicious code provide foundation.
Each specific specific rule of key threat characteristics correspondence, for example:Content in short message is extracted in matching, finds to include
The information such as local system version, i.e., as a threat characteristics.
In embodiment, the program behavior for being recorded includes but is not limited to initiation network connection, network and sends information, network and connect
Collect mail and cease, open file, read file, written document, send short message, read local short message, acquisition loCal number, read communication
Record, call, obtain geographical location information, recording, open broadcast listening, open Activity, open Service, data
Storehouse associative operation, cryptography associative operation.
In one embodiment of the invention, all log information of screening output, it is determined that the log information of correspondence key API
Process include:
Search the log marks of all log information, log information of the screening with log marks;
The process ID of all log information is obtained, is filtered with corresponding program-package name by lookup process ID, it is determined that correspondence
The log information of crucial API.
Present invention also offers a kind of application program analysis system, the analysis system is using disclosed in above-described embodiment
Analysis method is analyzed to the application program of mobile client, and analysis system includes:
Selected unit, for selecting the crucial API in the operating system that operation application program is called;
Pitching pile unit, the source code of the operating system for obtaining mobile client, pitching pile is carried out to crucial API;
Recording unit, for running application program, the program behavior of records application program in an operating system;
Analytic unit, for according to program behavior, generating analysis result.
In one embodiment of the invention, selected unit is additionally operable to:Determine that application program wants real in an operating system
Existing program function;The program function all api functions to be called are realized in acquisition, and that sets up api function calls order;According to
Order is called, key API is selected.
In one embodiment of the invention, selected unit is additionally operable to:According to order is called, all api functions are determined
Call level and each quantity for calling the api function in level;Level is called by each, level is called with previous
The associated api function of at least two api functions, as crucial API.
In one embodiment of the invention, selected unit is additionally operable to:According to calling order, in determining operating system
Framework layers of all API's calls level;Using call level most subordinate api function as crucial API.
In one embodiment of the invention, pitching pile unit is additionally operable to:Increase at the porch of crucial API or return and beat
The code of log is printed, for performing output log information during application program;Wherein, log information at least includes:Log marks, key
The title or mark of API, process ID, the incoming parameter of key API and return parameters.
In one embodiment of the invention, pitching pile unit is additionally operable to:Source code is recompilated, the mirror of operating system is obtained
Picture.
In one embodiment of the invention, recording unit is additionally operable to:Operating system is run in simulator, is in operation
Application program is installed in system;Its program function is performed using Code schedule debugging acid control application program;Record configuration processor
The log information exported during function, and obtain the program-package name of application program.
In one embodiment of the invention, analytic unit is additionally operable to:All log information of output are screened, it is determined that correspondence
The log information of crucial API;Log information according to crucial API, crucial threat characteristics, generation matching knot are matched according to preset rules
Retribution is accused.
In one embodiment of the invention, analytic unit is additionally operable to:Search the log marks of all log information, screening tool
There is the log information that log is identified;The process ID of all log information is obtained, was carried out with corresponding program-package name by lookup process ID
Filter, it is determined that the log information of correspondence key API.
In sum, above said content is only embodiments of the invention, is merely to illustrate principle of the invention, is not used
In restriction protection scope of the present invention.All any modifications within the spirit and principles in the present invention, made, equivalent, change
Enter, should be included within the scope of the present invention.
Claims (18)
1. the application program analysis method of a kind of mobile client, it is characterised in that including:
Crucial API in the operating system that the selected operation application program is called;
The source code of the operating system of the mobile client is obtained, pitching pile is carried out to the crucial API;
The application program is run in the operating system, the program behavior of the application program is recorded;
According to described program behavior, analysis result is generated.
2. analysis method according to claim 1, it is characterised in that the operation that the selected operation application program is called
The process of the crucial API in system includes:
Determine the program function to be realized in the operating system of the application program;
The described program function all api functions to be called are realized in acquisition, and that sets up the api function calls order;
Order is called according to described, the crucial API is selected.
3. analysis method according to claim 2, it is characterised in that call order according to described, select the crucial API
Process include:
Order is called according to described, determine all api functions calls level and each API called in level
The quantity of function;
By it is each it is described call level, with it is previous call in level at least two described in the API letters that are associated of api function
Number, as the crucial API.
4. analysis method according to claim 2, it is characterised in that call order according to described, select the crucial API
Process include:
Order is called according to described, determines that the framework in the operating system layers of all API call level;
Using the api function of the most subordinate for calling level as the crucial API.
5. analysis method according to claim 2, it is characterised in that obtain the source of the operating system of the mobile client
Code, includes to the process that the crucial API carries out pitching pile:
Increase the code of printing log at the porch of the crucial API or return, exported during the application program for being performed
Log information;
Wherein, the log information at least includes:Log marks, the title of the crucial API or mark, process ID, the key
The incoming parameter and return parameters of API.
6. analysis method according to claim 5, it is characterised in that obtain the source of the operating system of the mobile client
Code, also includes to the process that the crucial API carries out pitching pile:
The source code is recompilated, the mirror image of the operating system is obtained.
7. analysis method according to claim 6, it is characterised in that the application journey is run in the operating system
Sequence, the process for recording the program behavior of the application program includes:
The operating system is run in simulator, the application program is installed in the operating system;
The application program is controlled to perform its program function using Code schedule debugging acid;
The log information that record is exported during performing described program function, and obtain the program-package name of the application program.
8. analysis method according to claim 7, it is characterised in that according to described program behavior, generation analysis result
Process includes:
All log information of output are screened, it is determined that the log information of the correspondence crucial API;
According to the log information of the crucial API, crucial threat characteristics are matched according to preset rules, generate matching result report
Accuse.
9. analysis method according to claim 8, it is characterised in that all log information of screening output, it is determined that correspondence institute
The process for stating the log information of crucial API includes:
Search the log marks of all log information, log information of the screening with log marks;
The process ID of all log information is obtained, is filtered with corresponding program-package name by lookup process ID, it is determined that correspondence
The log information of the crucial API.
10. a kind of application program analysis system, it is characterised in that including:
Selected unit, for selecting the crucial API in the operating system that the operation application program is called;
Pitching pile unit, the source code of the operating system for obtaining the mobile client carries out pitching pile to the crucial API;
Recording unit, for running the application program in the operating system, records the program behavior of the application program;
Analytic unit, for according to described program behavior, generating analysis result.
11. analysis systems according to claim 10, it is characterised in that the selected unit is additionally operable to:
Determine the program function to be realized in the operating system of the application program;
The described program function all api functions to be called are realized in acquisition, and that sets up the api function calls order;
Order is called according to described, the crucial API is selected.
12. analysis systems according to claim 11, it is characterised in that the selected unit is additionally operable to:
Order is called according to described, determine all api functions calls level and each API called in level
The quantity of function;
By it is each it is described call level, with it is previous call in level at least two described in the API letters that are associated of api function
Number, as the crucial API.
13. analysis systems according to claim 11, it is characterised in that the selected unit is additionally operable to:
Order is called according to described, determines that the framework in the operating system layers of all API call level;
Using the api function of the most subordinate for calling level as the crucial API.
14. analysis systems according to claim 11, it is characterised in that the pitching pile unit is additionally operable to:
Increase the code of printing log at the porch of the crucial API or return, exported during the application program for being performed
Log information;
Wherein, the log information at least includes:Log marks, the title of the crucial API or mark, process ID, the key
The incoming parameter and return parameters of API.
15. analysis systems according to claim 14, it is characterised in that the pitching pile unit is additionally operable to:
The source code is recompilated, the mirror image of the operating system is obtained.
16. analysis systems according to claim 15, it is characterised in that the recording unit is additionally operable to:
The operating system is run in simulator, the application program is installed in the operating system;
The application program is controlled to perform its program function using Code schedule debugging acid;
The log information that record is exported during performing described program function, and obtain the program-package name of the application program.
17. analysis systems according to claim 16, it is characterised in that the analytic unit is additionally operable to:
All log information of output are screened, it is determined that the log information of the correspondence crucial API;
According to the log information of the crucial API, crucial threat characteristics are matched according to preset rules, generate matching result report
Accuse.
18. analysis systems according to claim 17, it is characterised in that the analytic unit is additionally operable to:
Search the log marks of all log information, log information of the screening with log marks;
The process ID of all log information is obtained, is filtered with corresponding program-package name by lookup process ID, it is determined that correspondence
The log information of the crucial API.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611050413.6A CN106778264A (en) | 2016-11-24 | 2016-11-24 | The application program analysis method and analysis system of a kind of mobile client |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611050413.6A CN106778264A (en) | 2016-11-24 | 2016-11-24 | The application program analysis method and analysis system of a kind of mobile client |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106778264A true CN106778264A (en) | 2017-05-31 |
Family
ID=58911192
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611050413.6A Pending CN106778264A (en) | 2016-11-24 | 2016-11-24 | The application program analysis method and analysis system of a kind of mobile client |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106778264A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109697163A (en) * | 2018-12-14 | 2019-04-30 | 西安四叶草信息技术有限公司 | Program testing method and equipment |
| CN109933986A (en) * | 2019-03-08 | 2019-06-25 | 北京椒图科技有限公司 | Malicious code detecting method and device |
| CN110661796A (en) * | 2019-09-23 | 2020-01-07 | 武汉绿色网络信息服务有限责任公司 | User action flow identification method and device |
| CN111611032A (en) * | 2019-02-25 | 2020-09-01 | 阿里巴巴集团控股有限公司 | Detection method and device for user interface drawing level and over-drawing |
| CN112131110A (en) * | 2020-09-21 | 2020-12-25 | 安徽捷兴信源信息技术有限公司 | Multisource heterogeneous data probe method and device of smart phone system |
| CN113377379A (en) * | 2021-08-12 | 2021-09-10 | 四川腾盾科技有限公司 | Simulator instruction instrumentation-based operating system information statistical method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110231936A1 (en) * | 2010-03-19 | 2011-09-22 | Aspect Security Inc. | Detection of vulnerabilities in computer systems |
| CN104715195A (en) * | 2015-03-12 | 2015-06-17 | 广东电网有限责任公司信息中心 | Malicious code detecting system and method based on dynamic instrumentation |
| CN104866765A (en) * | 2015-06-03 | 2015-08-26 | 康绯 | Behavior characteristic similarity-based malicious code homology analysis method |
-
2016
- 2016-11-24 CN CN201611050413.6A patent/CN106778264A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110231936A1 (en) * | 2010-03-19 | 2011-09-22 | Aspect Security Inc. | Detection of vulnerabilities in computer systems |
| CN104715195A (en) * | 2015-03-12 | 2015-06-17 | 广东电网有限责任公司信息中心 | Malicious code detecting system and method based on dynamic instrumentation |
| CN104866765A (en) * | 2015-06-03 | 2015-08-26 | 康绯 | Behavior characteristic similarity-based malicious code homology analysis method |
Non-Patent Citations (3)
| Title |
|---|
| 何志昌: "Android平台应用程序恶意行为检测方法研究", 《万方数据知识服务平台》 * |
| 武宏飞: "基于复杂网络的软件网络关键节点挖掘算法研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
| 王乾: "基于动态二进制分析的关键函数定位技术研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109697163A (en) * | 2018-12-14 | 2019-04-30 | 西安四叶草信息技术有限公司 | Program testing method and equipment |
| CN109697163B (en) * | 2018-12-14 | 2022-03-04 | 西安四叶草信息技术有限公司 | Program testing method and device |
| CN111611032A (en) * | 2019-02-25 | 2020-09-01 | 阿里巴巴集团控股有限公司 | Detection method and device for user interface drawing level and over-drawing |
| CN111611032B (en) * | 2019-02-25 | 2023-05-26 | 阿里巴巴集团控股有限公司 | User interface drawing level and excessive drawing detection method and device |
| CN109933986A (en) * | 2019-03-08 | 2019-06-25 | 北京椒图科技有限公司 | Malicious code detecting method and device |
| CN110661796A (en) * | 2019-09-23 | 2020-01-07 | 武汉绿色网络信息服务有限责任公司 | User action flow identification method and device |
| CN112131110A (en) * | 2020-09-21 | 2020-12-25 | 安徽捷兴信源信息技术有限公司 | Multisource heterogeneous data probe method and device of smart phone system |
| CN113377379A (en) * | 2021-08-12 | 2021-09-10 | 四川腾盾科技有限公司 | Simulator instruction instrumentation-based operating system information statistical method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106778264A (en) | The application program analysis method and analysis system of a kind of mobile client | |
| CN110659206B (en) | Simulation architecture establishment method and device based on micro-service, medium and electronic equipment | |
| CN103186740B (en) | A kind of automated detection method of Android malware | |
| CN104899016B (en) | Allocating stack Relation acquisition method and device | |
| CN104281808B (en) | A kind of general Android malicious act detection methods | |
| CN104391694B (en) | Intelligent mobile terminal software public service support platform system | |
| CN107894889A (en) | Bury point methods, equipment and computer-readable recording medium | |
| CN110381026B (en) | Business service packaging and accessing system, method and device for rich client | |
| CN111309505B (en) | Page exception handling method and device and electronic equipment | |
| CN105224869A (en) | Assembly test method and device | |
| CN107168844B (en) | Performance monitoring method and device | |
| CN109726830A (en) | Equipment routing inspection method, apparatus, electronic equipment and storage medium | |
| CN112364267B (en) | Front-end data acquisition method and device | |
| CN105468511A (en) | Web page script error positioning method and apparatus | |
| CN105574150A (en) | Data processing method and device | |
| CN112749083A (en) | Test script generation method and device | |
| CN111930621A (en) | DNS automation performance testing method, device, equipment and readable storage medium | |
| CN114816815A (en) | Fault positioning method, log format configuration method, equipment and storage medium | |
| CN102025555B (en) | Method and device for testing IP multimedia sub-system performance | |
| CN108932199B (en) | Automatic taint analysis system based on user interface analysis | |
| CN112817816A (en) | Embedded point processing method and device, computer equipment and storage medium | |
| CN112632547A (en) | Data processing method and related device | |
| CN111857932A (en) | Web substitution and filling method for operation and maintenance auditing system based on puppeteer | |
| Bello-Jiménez et al. | Opia: A tool for on-device testing of vulnerabilities in android applications | |
| CN115514677B (en) | Method and system for server dial testing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170531 |