CN106778271B - A kind of Android reinforces the reverse process method of plug-in unit - Google Patents
A kind of Android reinforces the reverse process method of plug-in unit Download PDFInfo
- Publication number
- CN106778271B CN106778271B CN201611156778.7A CN201611156778A CN106778271B CN 106778271 B CN106778271 B CN 106778271B CN 201611156778 A CN201611156778 A CN 201611156778A CN 106778271 B CN106778271 B CN 106778271B
- Authority
- CN
- China
- Prior art keywords
- plug
- unit
- reverse
- class
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/74—Reverse engineering; Extracting design information from source code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The invention discloses a kind of reverse process method that Android reinforces plug-in unit, includes the following steps: to carry out map processing to the executable file dex of application, generate the visualization map of dex file;The Key Functions for obtaining class load of the virtual machine to java class, determine the timing node of reverse plug-in unit;It modifies to the Dalvik virtual machine of Android system, by the load of carry out class and initialization of kind disposable all in application, all classes will be decrypted and are loaded into memory, collect category information all in memory, by it is all it is reverse after class reconfigure and generate new dex file, since the instruction of java class in memory can be modified in class initialization procedure, it is modified when collecting the information in memory, therefore this available most reinforcing plug-in unit source code of reverse process method provided by the invention, and the degree of automation is higher, the reverse process that plug-in unit is reinforced for Android is realized as cost using lesser performance cost.
Description
Technical field
The invention belongs to mobile security technical fields, and the reverse process side of plug-in unit is reinforced more particularly, to a kind of Android
Method.
Background technique
As the main carriers that mobile internet era calculates, mobile intelligent terminal stores more private datas, wraps
Contact information, message registration and geographical location information etc. are included, safety problem is more also easy to produce, privacy of user data leak can energy band
Carry out catastrophic consequence.
Android (Android) application is developed based on Java language, easy to be reverse by malicious attacker, causes developer arduous
The application of exploitation is obtained by malicious attacker;Application source code after reverse can be also implanted into malice generation by some malicious attackers
Code causes to beat again packet malicious application prevailing.Security firm provides Android application and reinforces service to solve problems.
However, causing many malicious attackers by malicious application since security firm is usually not to application progress security sweep is uploaded
It is reinforced, to escape the killing of security engine.Malicious attacker is using dynamically load skill using more advanced technology at present
Art, delay start malicious code, opening timing device, reflection execute malicious code.
It is reinforced and safety problem present in Dynamic loading technique, research both domestic and external to solve Android application program
Some explorations and research has been carried out in personnel.DexHunter(Zhang Y,Luo X,Yin H.Dexhunter:Toward
extracting hidden code from packed android applications.in:Proceedings of 20th
European Symposium on Research in Computer Security.Vienna:Springer,2015.293-
311.) start with from the reinforcing service provider of current mainstream, propose for the reverse process method for reinforcing service provider at present, applying
Load into after memory, obtain executable file position in memory, traverse java class all in executable file, to its into
The load and initialization of row active, then the information in memory is obtained, what is obtained at this time is exactly using true instruction, but this method
Dynamically load plug-in unit Reverse Problem is not solved.Poeplau S(Poeplau S,Fratantonio Y,Bianchi A,et
al.Execute This!Analyzing Unsafe and Malicious Dynamic Code Loading in
Android Applications.in:21st Annual Network and Distributed System Security
Symposium.San Diego:ISOC, 2014.34-46) it systematic analyze dynamically load code bring safety and asks
Topic, the code of dynamically load is found using static analysis tools automatically;Leakage may be utilized by malicious attacker for benign application
Hole loads the problem of malicious plugins, by android system Framework layers of the modification integrality school come dynamically load code
It tests;But this method lacks practicability and integrality;In conclusion current method is inverse primarily directed to Android application progress
To, or solution is proposed to safety problem existing for dynamically load;From the perspective of implementation, existing solution
The odex file after optimizing after application is installed only is obtained, its source code can not then be obtained for the plug-in unit of reinforcing.
Summary of the invention
Aiming at the above defects or improvement requirements of the prior art, the present invention provides the reverse places that a kind of Android reinforces plug-in unit
Reason method, the Scheme of Strengthening used its object is to identify unknown malicious application can be got when triggering plug-in unit installation
Plug-in unit, and it is carried out inversely, to carry out source code analysis to plug-in unit.
To achieve the above object, according to one aspect of the present invention, a kind of reverse process of Android reinforcing plug-in unit is provided
Method loads its first Java reinforcing plug-in unit by modification Android system virtual machine class load mechanism and initial method
Class by the traversal of java class active all in the reinforcing plug-in unit and is loaded into memory before, initializes all Java
All collect about the information for reinforcing plug-in unit in memory is assembled into new odex file, after obtaining inversely by class
Plug-in unit source code information.
Preferably, the method for carrying out reverse process to unknown plug-in unit using the above method, specifically comprises the following steps:
(1) service platform is reinforced by application to reinforce the unknown plug-in unit;And map is carried out to plug-in unit is reinforced
Processing determines that application reinforces service platform to the reinforcing Optimal Parameters of plug-in unit;
(2) Android system source code is modified, monitoring obtains the dynamically load path for reinforcing plug-in unit on simulator;
(3) critical path loaded according to virtual machine class in Android system modifies virtual machine initialization procedure, initial in class
The change stage carries out reverse odex file after generating inversely to plug-in unit is reinforced, and changes the value of virtual machine control variable;
(4) plug-in download is triggered, is controlled in plug-in unit implementation procedure according to virtual machine and is owned in the value identification plug-in unit of variable
Java class position in memory;
The java class in odex file after traversal is reverse, actively carries out class load and initialization, stores according in memory
It is reverse after information generate new odex file;
(5) decompiling is carried out to the new odex file using the tool of open source, obtains to test to use and reinforces plug-in unit
Smali code;Malicious attack information can be known by the way that the smali code to be compared with its source code.
Preferably, above-mentioned Android reinforces the reverse process method of plug-in unit, and step (2) includes following sub-step:
(2.1) according to the dynamically load Frame Source of open source, the calling interface of dynamically load odex file is found out;
(2.2) calling interface is modified, monitors the path for obtaining the dynamically load for reinforcing plug-in unit by log on simulator.
Preferably, above-mentioned Android reinforces the reverse process method of plug-in unit, and step (3) includes following sub-step:
(3.1) process of java class, the function call of tracking class load and initialization are executed according to Android system virtual machine
Process obtains the Key Functions of initialization;
(3.2) all java class are traversed, all java class are initialized according to Key Functions;
(3.3) test is carried out inversely with plug-in unit is reinforced in java class initial phase, the odex file after generating inversely,
And change the value of virtual machine control variable.
Preferably, above-mentioned Android reinforces the reverse process method of plug-in unit, and step (4) includes following sub-step:
(4.1) downloading of plug-in unit is reinforced in triggering, reinforces the change of triggering control variable when plug-in unit executes for the first time;
(4.2) it is identified according to the value of control variable and reinforces the position of java class all in plug-in unit in memory, and will
Odex file path after reverse is transmitted to reverse module;
(4.3) reverse module traverses java class all in the odex file after reverse, actively carries out class load
And initialization, and will it is reverse after information storage to memory;
(4.4) according to be collected into memory it is reverse after information generate new odex file.
In general, through the invention it is contemplated above technical scheme is compared with the prior art, can obtain down and show
Beneficial effect:
(1) Android provided by the invention reinforces the reverse process method of plug-in unit, is carried out by the virtual machine to Android system
Modification, is changed to the load of carry out class and initialization to kind disposable all in application for the process that class one by one loads, will
All classes are decrypted and are loaded into memory, and all category information in memory is collected, by it is all it is reverse after class carry out group again
The odex file of symphysis Cheng Xin;
Since the instruction of java class in memory can be modified in class initialization procedure, the meeting when collecting the information in memory
It is modified, therefore available to most reinforcing plug-in unit source code, and the degree of automation is higher, with lesser performance
Expense is that cost is realized for the reverse of Android reinforcing plug-in unit;
(2) Android provided by the invention reinforces the reverse process method of plug-in unit, and reverse generation is inserted at the class load of application
Code finds the Key Functions of java class load in Android system virtual machine, carries out in Key Functions to all java class
Traversal, reinitializes, starts overall flow at the relevant application-specific programming interface of private data, so that institute of the present invention
Increased process affects only small portion in all processes of total system, does not influence the modularity unrelated with private data
Energy.
Detailed description of the invention
Fig. 1 is integrated stand composition of the invention;
Fig. 2 is the flow diagram for the reverse process method that Android provided in an embodiment of the present invention reinforces plug-in unit;
Fig. 3 is the flow diagram of step 1 of the embodiment of the present invention;
Fig. 4 is the flow diagram of step 2 of the embodiment of the present invention;
Fig. 5 is the flow diagram of step 3 of the embodiment of the present invention;
Fig. 6 is the flow diagram of step 4 of the embodiment of the present invention;
Fig. 7 is the flow diagram of step 5 of the embodiment of the present invention.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to the accompanying drawings and embodiments, right
The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and
It is not used in the restriction present invention.As long as in addition, technical characteristic involved in the various embodiments of the present invention described below
Not constituting a conflict with each other can be combined with each other.
Technical term according to the present invention is explained and illustrated first below:
Android: by the Mobile operating system based on linux kernel of the leading exploitation of Google;
Virtual machine: Dalvik virtual machine is referred specifically to;
Android application: the application program in android system is operated in, is mainly developed by Java language;
Host program: the main part of Android application program is under the jurisdiction of the code section of developer, mainly includes
The corn module of application program;
Android plug-in unit: being substantially also Android application program, Android plug-in unit is in application operation as application
A functional module be loaded into host application in;
Android is reinforced: being similar to data encryption, the source code of Android application program is protected, is being run
Shi Xiemi;
Private data: the personal data of user's storage in systems, mainly include contact information, logical in a mobile device
Words record, geographical location information and device-dependent message etc.;
Malicious plugins: obtaining privacy of user data or destroys the plug-in unit of the behaviors such as equipment normal operation;
Dynamically load: it is dynamically loaded into plug-in unit in application operation, is embedded into operation for plug-in unit as a fraction
In.
The reverse process method for reinforcing plug-in unit to Android provided by the present invention below in conjunction with specific embodiments and the drawings is done
It further illustrates.
Android provided by the invention reinforces the reverse scheme of plug-in unit, the purpose is to intercept and capture the plug-in unit of dynamically load, and certainly to it
The carry out of dynamicization is reverse, improves reverse efficiency, and comprehensively obtains the source code of reinforcement application as far as possible;Modify bottom
Virtual machine class load mechanism and initial method, by Java all in application before reinforcement application loads first java class
The traversal of class active, and load into memory, all java class are initialized, by the information about this application all in memory
Collect, be reassembled into new odex file, this odex file be exactly it is reverse after apply source code information, by opening
Source tool is reduced into the original code java class information before reinforcement application.
It is the overall architecture that Android provided by the invention reinforces plug-in unit reverse method, wherein Dalvik is empty shown in Fig. 1
Quasi- machine part indicates modified system module;The work of this method is concentrated mainly on following two part: to the evil of reinforcing
Meaning application carries out map, and the feature after being reinforced determines the mode that unknown applications are reinforced;Modification Dalvik virtual machine class adds
Support method, all classes in traversal applications, and be loaded into memory, all classes are initialized, reverse module and plug-in unit are loaded
Mechanism combines, and setting control variable collects code information all in memory, is reassembled into new odex file.
Fig. 2 is the flow diagram that the Android that embodiment provides reinforces plug-in unit reverse method, specifically includes the following steps:
(1) it uploads test application (known source code) to be reinforced to each application reinforcing service provider, after downloading is reinforced
Using progress map processing obtains each application and reinforces the feature after service provider reinforces;
(2) android system source code is modified, the critical path of plug-in unit dynamically load is obtained;
(3) Android application execution process is analyzed, android system virtual machine is modified, in class initial phase to reinforcing
Using or plug-in unit carry out reverse, generate new odex file, and change the value of control variable;
(4) downloading of malicious plugins is reinforced in triggering, and plug-in unit can also be loaded through system virtual machine, according to control variable
Value, can obtain the position of plug-in unit in memory, then carry out to plug-in unit reverse;
(5) new odex file can be generated under application installation directory after reverse success, using the tool of open source to odex
File carries out inversely, obtaining the smali code of original application.
In embodiment, the process of step (1) is as shown in figure 3, include following sub-step:
(1.1) an Android application is developed;In embodiment, by taking a news client end AP P as an example;
(1.2) news client end AP P is signed, using this APP as probe card;
(1.3) probe card the happy platform of reinforcing of Tencent is uploaded to reinforce;
(1.4) downloading is reinforced plug-in unit and is decompressed, and obtains executable file class.dex, carries out map to it, risen
The happy reinforcing feature for reinforcing platform of news;Through the above steps, each spectrum library for reinforcing platform can be established, to store each reinforcing platform
Reinforcing feature;
In embodiment, the process of step (2) is as shown in figure 4, include following sub-step:
(2.1) the dynamically load Frame Source increased income at present is analyzed, dynamically load dex file or jar file are found out
Calling interface;
(2.2) calling interface that tracking developer calls, obtains the critical path of plug-in unit dynamically load, and positioning plug-in unit is being
The position stored after system bottom load.
In embodiment, the process of step (3) is as shown in figure 5, include following sub-step:
(3.1) process for executing java class is explained according to Dalvik virtual machine in android system, is found reverse reinforce and is answered
Method;
(3.2) when opening dex file, load class file, initialization class, the specific plug-in unit of calling, actively traversal is opened
The customized all java class of originator;
(3.3) information to java class all in plug-in unit in memory is collected, new dex file is reorganized into;
(3.4) change the value of control variable.
In embodiment, the process of step (4) is as shown in fig. 6, include following sub-step:
(4.1) after plug-in unit is installed, the change of control variable can be triggered when executing for the first time;
(4.2) after triggering plug-in download, the virtual machine of modification can be identified according to the value of control variable to be reinforced in plug-in unit
The position of all java class in memory, and will it is reverse after odex file path be transmitted to reverse module
(4.3) reverse module is traversed java class all in odex is changed, the load of carry out class and initialization of active,
It is stored in memory at this time be it is reverse after information;
(4.4) information after collecting inversely is reorganized into new odex file.
In embodiment, the process of step (5) is as shown in fig. 7, comprises following sub-step:
(5.1) plug-in unit decompression will be reinforced, executable file class.dex file is obtained, copies the tools mesh under SDK to
Under record;
(5.2) baksmali-2.0.0.jar and jd-gui.exe program is downloaded, baksmali-2.0.2.jar is put into
Under tools catalogue under SDK;
(5.3) the tools catalogue under SDK is entered, java-jar baksmali-2.0.0.jar-o is inputted
Classout/class.dex generates the smali code of class.dex under classout catalogue;
(5.4) the plug-in unit plugin.dex generated after reverse is also similarly handled, smali code to generation and
Source code is compared, and determines malicious code information.
As it will be easily appreciated by one skilled in the art that the foregoing is merely illustrative of the preferred embodiments of the present invention, not to
The limitation present invention, any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should all include
Within protection scope of the present invention.
Claims (4)
1. a kind of reverse process method that Android reinforces plug-in unit, which is characterized in that pass through modification Android system virtual machine class load
Mechanism and initial method, by java class all in the reinforcing plug-in unit before reinforcing plug-in unit and loading its first java class
The traversal of active is simultaneously loaded into memory, initialize all java class, reinforces plug-in unit about described for all in memory
Information, which collects, is assembled into new odex file, the plug-in unit source code information after obtaining inversely;
The method for carrying out reverse process to unknown plug-in unit using the method, specifically comprises the following steps:
(1) service platform is reinforced by application to reinforce the unknown plug-in unit;And map processing is carried out to plug-in unit is reinforced,
Determine that application reinforces service platform to the reinforcing Optimal Parameters of plug-in unit;
(2) Android system source code is modified, monitoring obtains the dynamically load path for reinforcing plug-in unit on simulator;
(3) critical path loaded according to virtual machine class in Android system modifies virtual machine initialization procedure, initializes rank in class
Section carries out reverse odex file after generation is reverse to plug-in unit is reinforced, and changes the value of virtual machine control variable;
(4) plug-in download is triggered, according to all in the value identification plug-in unit of virtual machine control variable in plug-in unit implementation procedure
The position of java class in memory;
Traverse it is described it is reverse after odex file in java class, actively carry out class load and initialization, stored according in memory
It is reverse after information generate new odex file;
(5) decompiling is carried out to the new odex file using the tool of open source, obtains test with the smali generation for reinforcing plug-in unit
Code;Malicious attack information can be known by the way that the smali code to be compared with its source code.
2. reverse process method as described in claim 1, which is characterized in that the step (2) includes following sub-step:
(2.1) according to the dynamically load Frame Source of open source, the calling interface of dynamically load odex file is found out;
(2.2) calling interface is modified, monitors the path for obtaining the dynamically load for reinforcing plug-in unit by log on simulator.
3. reverse process method as claimed in claim 1 or 2, which is characterized in that the step (3) includes following sub-step:
(3.1) process of java class is executed according to Android system virtual machine, tracking class loads and the function call process of initialization,
Obtain the Key Functions of initialization;
(3.2) all java class are traversed, class is initialized according to the Key Functions;
(3.3) test is carried out inversely in class initial phase, the odex file after generating inversely with plug-in unit is reinforced, and changes void
The value of quasi- machine control variable.
4. reverse process method as claimed in claim 1 or 2, which is characterized in that the step (4) includes following sub-step:
(4.1) downloading of plug-in unit is reinforced in triggering;The change for reinforcing triggering control variable when plug-in unit executes for the first time;
(4.2) it is identified according to the value of control variable and reinforces the position of java class all in plug-in unit in memory, and will be reverse
Odex file path afterwards is transmitted to reverse module;
(4.3) reverse module traverses java class all in the odex file after reverse, actively carries out class load with it is first
Beginningization, and will it is reverse after information storage to memory;
(4.4) according to be collected into memory it is reverse after information generate new odex file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611156778.7A CN106778271B (en) | 2016-12-15 | 2016-12-15 | A kind of Android reinforces the reverse process method of plug-in unit |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611156778.7A CN106778271B (en) | 2016-12-15 | 2016-12-15 | A kind of Android reinforces the reverse process method of plug-in unit |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106778271A CN106778271A (en) | 2017-05-31 |
CN106778271B true CN106778271B (en) | 2019-05-14 |
Family
ID=58888940
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611156778.7A Active CN106778271B (en) | 2016-12-15 | 2016-12-15 | A kind of Android reinforces the reverse process method of plug-in unit |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106778271B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111459822B (en) * | 2020-04-01 | 2023-10-03 | 抖音视界有限公司 | Method, device, equipment and readable medium for extracting system component data |
CN113836531A (en) * | 2021-09-25 | 2021-12-24 | 上海蛮犀科技有限公司 | Detection method for dynamic restoration of mobile application code memory |
CN114924809B (en) * | 2022-05-19 | 2024-03-29 | 西安理工大学 | DEX file class-based streaming micro-service loading verification method |
CN116126427B (en) * | 2023-04-14 | 2023-07-18 | 杭州比智科技有限公司 | Implementation method of non-invasive SDK auxiliary integrated plug-in based on tangent plane programming |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104021321A (en) * | 2014-06-17 | 2014-09-03 | 北京奇虎科技有限公司 | Reinforcing protection method and device for software installation package |
CN104111832A (en) * | 2014-07-03 | 2014-10-22 | 北京思特奇信息技术股份有限公司 | Android application program installation package packing method and system and unpacking method |
CN105184160A (en) * | 2015-07-24 | 2015-12-23 | 哈尔滨工程大学 | API object calling relation graph based method for detecting malicious behavior of application program in Android mobile phone platform |
CN105391763A (en) * | 2015-10-13 | 2016-03-09 | 北京奇虎科技有限公司 | Method and server for reinforcing a plurality of apk files |
CN105608346A (en) * | 2015-12-25 | 2016-05-25 | 北京奇虎科技有限公司 | ELF file protection method and system based on ARM instruction virtualization |
CN105608393A (en) * | 2016-01-19 | 2016-05-25 | 北京鼎源科技有限公司 | Reinforcement method of executable file reorganization on basis of Android |
CN105930692A (en) * | 2016-04-20 | 2016-09-07 | 北京鼎源科技有限公司 | Dynamic shelling method for Android application |
CN106022130A (en) * | 2016-05-20 | 2016-10-12 | 中国科学院信息工程研究所 | Shelling method and device for reinforced application program |
CN106203110A (en) * | 2016-06-30 | 2016-12-07 | 中国地质大学(武汉) | Android safety enhancing system based on resolving inversely mechanism |
-
2016
- 2016-12-15 CN CN201611156778.7A patent/CN106778271B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104021321A (en) * | 2014-06-17 | 2014-09-03 | 北京奇虎科技有限公司 | Reinforcing protection method and device for software installation package |
CN104111832A (en) * | 2014-07-03 | 2014-10-22 | 北京思特奇信息技术股份有限公司 | Android application program installation package packing method and system and unpacking method |
CN105184160A (en) * | 2015-07-24 | 2015-12-23 | 哈尔滨工程大学 | API object calling relation graph based method for detecting malicious behavior of application program in Android mobile phone platform |
CN105391763A (en) * | 2015-10-13 | 2016-03-09 | 北京奇虎科技有限公司 | Method and server for reinforcing a plurality of apk files |
CN105608346A (en) * | 2015-12-25 | 2016-05-25 | 北京奇虎科技有限公司 | ELF file protection method and system based on ARM instruction virtualization |
CN105608393A (en) * | 2016-01-19 | 2016-05-25 | 北京鼎源科技有限公司 | Reinforcement method of executable file reorganization on basis of Android |
CN105930692A (en) * | 2016-04-20 | 2016-09-07 | 北京鼎源科技有限公司 | Dynamic shelling method for Android application |
CN106022130A (en) * | 2016-05-20 | 2016-10-12 | 中国科学院信息工程研究所 | Shelling method and device for reinforced application program |
CN106203110A (en) * | 2016-06-30 | 2016-12-07 | 中国地质大学(武汉) | Android safety enhancing system based on resolving inversely mechanism |
Also Published As
Publication number | Publication date |
---|---|
CN106778271A (en) | 2017-05-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106778271B (en) | A kind of Android reinforces the reverse process method of plug-in unit | |
Koo et al. | Configuration-driven software debloating | |
US10498763B2 (en) | On-demand injection of software booby traps in live processes | |
Schmidt et al. | Enhancing security of linux-based android devices | |
CN105574411B (en) | A kind of dynamic hulling method, device and equipment | |
Chen et al. | Penetration testing in the iot age | |
Chen et al. | Toss: Tailoring online server systems through binary feature customization | |
De Maio et al. | Pexy: The other side of exploit kits | |
Shankar et al. | AndroTaint: An efficient android malware detection framework using dynamic taint analysis | |
KR20170068814A (en) | Apparatus and Method for Recognizing Vicious Mobile App | |
Yang et al. | Automated generation of event-oriented exploits in android hybrid apps | |
CN113055492A (en) | Control method and device for service gray scale link, computer equipment and storage medium | |
CN114978940B (en) | Link monitoring and alarming method, device, computer equipment and storage medium | |
CN106897607A (en) | A kind of method for monitoring application program and device | |
Gajrani et al. | EspyDroid+: Precise reflection analysis of android apps | |
Faruki et al. | Droidanalyst: Synergic app framework for static and dynamic app analysis | |
Fu et al. | Leaksemantic: Identifying abnormal sensitive network transmissions in mobile applications | |
Sun et al. | A scalable high fidelity decoy framework against sophisticated cyber attacks | |
Liu et al. | TDroid: Exposing app switching attacks in Android with control flow specialization | |
Leslous et al. | Gpfinder: tracking the invisible in android malware | |
Pouryousef et al. | Let me join two worlds! analyzing the integration of web and native technologies in hybrid mobile apps | |
Alptekin et al. | Trapdroid: Bare-metal android malware behavior analysis framework | |
Shahriar et al. | Mobile application security using static and dynamic analysis | |
Ascia et al. | Making android apps data-leak-safe by data flow analysis and code injection | |
EP4160455A1 (en) | Behavior analysis based on finite-state machine for malware detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |